===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -c -r1.85 -r1.86
*** www/errata29.html 2016/08/15 02:22:06 1.85
--- www/errata29.html 2016/10/16 19:11:29 1.86
***************
*** 70,76 ****
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
--- 70,76 ----
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
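Review bot: the context sentence "This file is updated once a day." beside the changed link line in the 70,76 hunk looks stale, since this revision is dated 2016/10/16 and the newest erratum visible in this diff is from June 25, 2002. While the link is being touched, confirm the tar.gz is still regenerated daily, and reword or drop the sentence if it is not.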
***************
*** 90,96 ****
027: SECURITY FIX: June 25, 2002
All architectures
A potential buffer overflow in the DNS resolver has been found.
!
A source code patch exists which remedies this problem.
--- 90,96 ----
027: SECURITY FIX: June 25, 2002
All architectures
A potential buffer overflow in the DNS resolver has been found.
!
A source code patch exists which remedies this problem.
***************
*** 99,112 ****
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
!
A source code patch exists which remedies this problem.
025: SECURITY FIX: April 25, 2002
All architectures
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
!
A source code patch exists which remedies this problem.
--- 99,112 ----
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
!
A source code patch exists which remedies this problem.
025: SECURITY FIX: April 25, 2002
All architectures
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
!
A source code patch exists which remedies this problem.
***************
*** 118,124 ****
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
!
A source code patch exists which remedies this problem.
--- 118,124 ----
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
!
A source code patch exists which remedies this problem.
***************
*** 128,134 ****
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
!
A source code patch exists which remedies this problem.
--- 128,134 ----
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
!
A source code patch exists which remedies this problem.
***************
*** 140,146 ****
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
!
A source code patch exists which remedies this problem.
--- 140,146 ----
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
!
A source code patch exists which remedies this problem.
***************
*** 148,154 ****
All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
!
A source code patch exists which remedies this problem.
--- 148,154 ----
All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
!
A source code patch exists which remedies this problem.
***************
*** 157,163 ****
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
!
A source code patch exists which remedies this problem.
--- 157,163 ----
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
!
A source code patch exists which remedies this problem.
***************
*** 171,177 ****
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
!
A source code patch exists which remedies this problem.
--- 171,177 ----
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
!
A source code patch exists which remedies this problem.
***************
*** 180,188 ****
missing files can be added manually from the sparc tarballs after the
installation:
Grab the
! xbase29.tgz
and
! xshare29.tgz
files found in the 2.9/sparc directory on the CD, or any FTP site. The missing
files can be installed by using the following commands:
--- 180,188 ----
missing files can be added manually from the sparc tarballs after the
installation:
Grab the
! xbase29.tgz
and
! xshare29.tgz
files found in the 2.9/sparc directory on the CD, or any FTP site. The missing
files can be installed by using the following commands:
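Review bot: the two changed lines (xbase29.tgz and xshare29.tgz) read identically on both sides, so only the link targets move, yet the sentence after them still directs readers to "the 2.9/sparc directory on the CD, or any FTP site". If the new targets are no longer FTP, update that wording to match, and consider naming where a checksum for the two tarballs can be found so that copies taken from an arbitrary mirror can be verified before they are installed.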
***************
*** 200,206 ****
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
!
A source code patch exists which remedies this problem.
--- 200,206 ----
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
!
A source code patch exists which remedies this problem.
***************
*** 209,215 ****
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
!
A source code patch exists which remedies this problem.
--- 209,215 ----
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
!
A source code patch exists which remedies this problem.
***************
*** 223,229 ****
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
!
A source code patch exists which remedies this problem.
--- 223,229 ----
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
!
A source code patch exists which remedies this problem.
***************
*** 236,242 ****
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
!
A source code patch exists which remedies this problem.
--- 236,242 ----
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
!
A source code patch exists which remedies this problem.
***************
*** 246,252 ****
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
!
A source code patch exists which remedies this problem.
--- 246,252 ----
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
!
A source code patch exists which remedies this problem.
***************
*** 258,264 ****
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
!
A source code patch exists which remedies this problem.
--- 258,264 ----
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
!
A source code patch exists which remedies this problem.
***************
*** 270,276 ****
packages-specs(7)
for details).
!
A source code patch exists which remedies this problem.
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
--- 270,276 ----
packages-specs(7)
for details).
!
A source code patch exists which remedies this problem.
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
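Review bot: the context lines after the changed link line in the 270,276 hunk contain a sentence split by a stray full stop: "A source code patch exists which remedies this problem." is followed by "by forcing /usr/sbin/pkg to be more careful in checking version numbers." Since the link on this entry is being edited anyway, drop the period after "problem" so the entry reads as one sentence.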
***************
*** 279,289 ****
010: RELIABILITY FIX: Jul 9, 2001
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
A source code patch exists which remedies this problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
! here.
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
--- 279,289 ----
010: RELIABILITY FIX: Jul 9, 2001
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
A source code patch exists which remedies this problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
! here.
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
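Review bot: the changed line in the 279,289 hunk is a link whose only text is "here.", and it points at a binary driver that readers are told to copy into /usr/X11R6/lib/modules/drivers/ and load by restarting the X server. Use link text that names the driver file, and give a checksum or signature for it next to the link, since this is a prebuilt module installed in place of applying the source patch.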
***************
*** 291,297 ****
009: RELIABILITY FIX: Jun 23, 2001
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
!
A source code patch exists which remedies this problem.
It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
--- 291,297 ----
009: RELIABILITY FIX: Jun 23, 2001
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
!
A source code patch exists which remedies this problem.
It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
***************
*** 310,316 ****
and
dump(8).
!
A source code patch exists which remedies this problem.
This is the second version of the patch.
--- 310,316 ----
and
dump(8).
!
A source code patch exists which remedies this problem.
This is the second version of the patch.
***************
*** 319,325 ****
All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
!
A source code patch exists which remedies this problem.
--- 319,325 ----
All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
!
A source code patch exists which remedies this problem.
***************
*** 329,335 ****
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
!
A source code patch exists which remedies this problem.
--- 329,335 ----
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
!
A source code patch exists which remedies this problem.
***************
*** 338,344 ****
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
!
A source code patch exists which remedies this problem.
--- 338,344 ----
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
!
A source code patch exists which remedies this problem.
***************
*** 348,354 ****
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
!
A source code patch exists which remedies this problem.
--- 348,354 ----
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
!
A source code patch exists which remedies this problem.
***************
*** 369,375 ****
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
!
A source code patch exists which remedies this problem.
This is the second version of the patch.
--- 369,375 ----
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
!
A source code patch exists which remedies this problem.
This is the second version of the patch.
***************
*** 380,386 ****
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
!
A source code patch exists which remedies this problem.
--- 380,386 ----
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
!
A source code patch exists which remedies this problem.