=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- www/errata28.html 2002/10/17 21:38:38 1.29 +++ www/errata28.html 2003/03/06 21:44:07 1.30 @@ -1,8 +1,8 @@ - +
-
-
@@ -193,31 +193,31 @@
-A security hole exists in lpd(8)
+
+A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
privileges. A machine must be running lpd to be vulnerable (OpenBSD
does not start lpd by default). Only machines with line printer
@@ -76,23 +76,23 @@
A source code patch exists which remedies the problem
-A security hole exists in sendmail(8)
+
+A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
A source code patch exists which remedies the problem
-A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
+A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
A source code patch exists which remedies the problem.
-Programs using the fts(3)
+
+Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
flag) can be tricked into changing into the wrong directory if the
parent dir is changed out from underneath it. This is similar to
@@ -102,80 +102,80 @@
This is the second version of the patch.
+
The signal handlers in sendmail(8) contain code that is unsafe in the
+dmail&sektion=8&format=html">sendmail(8)
A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
+
IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".
A source code patch exists which remedies the problem.
-ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
+
+ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
A source code patch exists which remedies the problem.
-glob(3) contains multiple buffer overflows.
+
+glob(3) contains multiple buffer overflows.
A source code patch exists which remedies the problem.
+
The readline library shipped with OpenBSD allows history files creation
with a permissive
-umask(2).
+umask(2).
This can lead to the leakage of sensitive information in applications
that use passwords and the like during user interaction (one such
application is mysql).
A source code patch exists which remedies the problem.
+
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.
A source code patch exists which remedies the problem.
+
There is an exploitable heap corruption bug in
-sudo.
+sudo.
A source code patch exists which remedies the problem.
-Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
+
+Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
A source code patch exists which remedies the problem.
-Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
+
+Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
A source code patch exists which remedies the problem.
-Merge named
+
+Merge named
with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
that these were already impossible to exploit beforehand).
A source code patch exists which remedies the problem.
-The rnd(4) device does not use all of its input when data is written to it.
+
+The rnd(4) device does not use all of its input when data is written to it.
A source code patch exists which remedies the problem.
+
Allow ThunderLAN cards to share interrupts nicely.
A source code patch exists which remedies the problem.
+
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.
A source code patch exists which remedies the problem.
1. A symlink problem was discovered in the KerberosIV password checking routines /usr/bin/su and /usr/bin/login, which makes it possible for a @@ -232,42 +232,42 @@ A source code patch exists which remedies the problem.
-