| version 1.2, 2001/04/25 14:10:53 |
version 1.3, 2001/05/30 04:04:54 |
|
|
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
| <ul> |
<ul> |
| |
<a name=sendmail></a> |
| |
<li><font color=#009000><strong>028: SECURITY FIX: May 29, 2001</strong></font><br> |
| |
The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sen |
| |
dmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |
| |
context of a signal handler. This leads to potentially serious |
| |
race conditions. At the moment this is a theoretical attack only |
| |
and can only be exploited on the local host (if at all).<br> |
| |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/028_sendmail.patch">A source code patch exists</a> which remedies the problem by updating sendmail to version 8.11.4. |
| |
<p> |
| <a name=ipf_frag></a> |
<a name=ipf_frag></a> |
| <li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br> |
<li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br> |
| IPF has a serious problem with fragment cacheing, the bug is triggered if you use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipf&sektion=5">ipf(5)</a> syntax "keep state".<br> |
IPF has a serious problem with fragment cacheing, the bug is triggered if you use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipf&sektion=5">ipf(5)</a> syntax "keep state".<br> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata28.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www