=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v retrieving revision 1.32 retrieving revision 1.33 diff -c -r1.32 -r1.33 *** www/errata28.html 2003/10/24 22:12:40 1.32 --- www/errata28.html 2003/11/21 16:55:16 1.33 *************** *** 8,13 **** --- 8,14 ---- +
*************** *** 50,61 **** consult the OpenBSD FAQ.
!
!
!
!
!
!
!
!
!
!
!
!
!
--- 137,183 ----
application is mysql).
!
!
!
!
!
!
!
!
***************
*** 194,225 ****
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
privileges. A machine must be running lpd to be vulnerable (OpenBSD
--- 66,73 ----
A source code patch exists which remedies the problem
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
privileges. A machine must be running lpd to be vulnerable (OpenBSD
***************
*** 77,99 ****
A source code patch exists which remedies the problem
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
A source code patch exists which remedies the problem
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
A source code patch exists which remedies the problem.
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
flag) can be tricked into changing into the wrong directory if the
--- 77,99 ----
A source code patch exists which remedies the problem
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
A source code patch exists which remedies the problem
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
A source code patch exists which remedies the problem.
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
flag) can be tricked into changing into the wrong directory if the
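Review bot: the closing sentence is punctuated inconsistently in this region. The two occurrences of "A source code patch exists which remedies the problem" on either side of the sendmail(8) entry have no full stop, while the one after the execve(2) entry does. Both sides of the hunk carry the same visible text, so the inconsistency survives the revision. Since these lines are being touched anyway, terminate all three the same way.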
***************
*** 103,110 ****
A source code patch exists which remedies the problem.
This is the second version of the patch.
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
--- 103,110 ----
A source code patch exists which remedies the problem.
This is the second version of the patch.
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
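Review bot: "This is the second version of the patch." does not tell a reader who applied the first version what changed, or how to tell which version is installed. Put the date of the revised patch or a one-line reason for the reissue next to that sentence.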
***************
*** 112,134 ****
and can only be exploited on the local host (if at all).
A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".
A source code patch exists which remedies the problem.
ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
A source code patch exists which remedies the problem.
glob(3) contains multiple buffer overflows.
A source code patch exists which remedies the problem.
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
--- 112,134 ----
and can only be exploited on the local host (if at all).
A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".
A source code patch exists which remedies the problem.
ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
A source code patch exists which remedies the problem.
glob(3) contains multiple buffer overflows.
A source code patch exists which remedies the problem.
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
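Review bot: the ftpd(8) entry states "You must have 025_glob.patch installed before installing this patch", but the glob(3) entry it depends on is listed after it, so a reader working down the list meets the dependent patch first. Link the prerequisite from the ftpd(8) entry, or say in the glob(3) entry that the ftpd fix builds on it. Separately, "IPF has a serious problem with fragment caching, the bug is triggered if you use ..." is a comma splice on both sides and reads better as two sentences.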
***************
*** 137,183 ****
application is mysql).
A source code patch exists which remedies the problem.
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.
A source code patch exists which remedies the problem.
There is an exploitable heap corruption bug in
sudo.
A source code patch exists which remedies the problem.
Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
A source code patch exists which remedies the problem.
Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
A source code patch exists which remedies the problem.
Merge named
with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
that these were already impossible to exploit beforehand).
A source code patch exists which remedies the problem.
The rnd(4) device does not use all of its input when data is written to it.
A source code patch exists which remedies the problem.
Allow ThunderLAN cards to share interrupts nicely.
A source code patch exists which remedies the problem.
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.
A source code patch exists which remedies the problem.
A source code patch exists which remedies the problem.
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.
A source code patch exists which remedies the problem.
There is an exploitable heap corruption bug in
sudo.
A source code patch exists which remedies the problem.
Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
A source code patch exists which remedies the problem.
Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
A source code patch exists which remedies the problem.
Merge named
with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
that these were already impossible to exploit beforehand).
A source code patch exists which remedies the problem.
The rnd(4) device does not use all of its input when data is written to it.
A source code patch exists which remedies the problem.
Allow ThunderLAN cards to share interrupts nicely.
A source code patch exists which remedies the problem.
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.
A source code patch exists which remedies the problem.
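Review bot: the sudo entry ("There is an exploitable heap corruption bug in sudo.") states neither who can reach the bug nor what is gained. The IPSEC AH entry above it does better, naming the impact (remote DoS) and the exposure ("This option is not on by default"). Add the precondition and impact to the sudo entry so an administrator can triage it. The IPSEC AH entry should in turn name the option it refers to.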
1. A symlink problem was discovered in the KerberosIV password checking routines /usr/bin/su and /usr/bin/login, which makes it possible for a --- 194,225 ----
!
!
!
!
!
1. A symlink problem was discovered in the KerberosIV password checking routines /usr/bin/su and /usr/bin/login, which makes it possible for a *************** *** 233,247 **** A source code patch exists which remedies the problem.
!
!
!
!
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
!
!
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz !