=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- www/errata28.html 2019/05/27 22:55:19 1.94 +++ www/errata28.html 2019/05/28 16:32:41 1.95 @@ -84,144 +84,186 @@
-
-
-
-
-
++ UKC> disable pcibios + UKC> quit
+ +
+ # cd /; tar xvfpz xshare28.tgz + # cd /; tar xvfpz xfont28.tgz ++
+ +
+1. A symlink problem was discovered in the KerberosIV password checking +routines /usr/bin/su and /usr/bin/login, which makes it possible for a +local user to overwrite any file on the local machine.
+2. It is possible to specify environment variables in telnet +which will be passed over the to the remote host. This makes it +possible to set environment variables on the remote side, including +ones that have special meaning on the server. It is not clear at this +time what the impact is, but we recommend everyone to upgrade their +machines immediately.
+ A source code patch exists which remedies this problem. -It updates sendmail to version 8.11.4.
-
-
-
-
-
-
-
+
+ +
-
-
+
-
-
-
-
-In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at /usr/X11R6/bin/xlock - and chmod 4755 /usr/X11R6/bin/xlock. -
-
-
-
-
-
-
-
-1. A symlink problem was discovered in the KerberosIV password checking -routines /usr/bin/su and /usr/bin/login, which makes it possible for a -local user to overwrite any file on the local machine.
-2. It is possible to specify environment variables in telnet -which will be passed over the to the remote host. This makes it -possible to set environment variables on the remote side, including -ones that have special meaning on the server. It is not clear at this -time what the impact is, but we recommend everyone to upgrade their -machines immediately.
-
+The signal handlers in sendmail(8) contain code that is unsafe in the
+context of a signal handler. This leads to potentially serious
+race conditions. At the moment this is a theoretical attack only
+and can only be exploited on the local host (if at all).
+
A source code patch exists which remedies this problem.
+It updates sendmail to version 8.11.4.
-
- # cd /; tar xvfpz xshare28.tgz - # cd /; tar xvfpz xfont28.tgz --
-
-- UKC> disable pcibios - UKC> quit
-
-
-
-
-