! 026: SECURITY FIX: May 8, 2002All architectures
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
--- 85,98 ----
! 026: SECURITY FIX: May 8, 2002All architectures
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
***************
*** 103,116 ****
A source code patch exists which remedies this problem.
! 024: SECURITY FIX: April 22, 2002All architectures
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
--- 101,114 ----
A source code patch exists which remedies this problem.
! 024: SECURITY FIX: April 22, 2002All architectures
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
***************
*** 122,128 ****
A source code patch exists which remedies this problem.
! 023: SECURITY FIX: April 11, 2002All architectures mail(1)
will process tilde escapes even in non-interactive mode.
--- 120,126 ----
A source code patch exists which remedies this problem.
! 023: SECURITY FIX: April 11, 2002All architectures mail(1)
will process tilde escapes even in non-interactive mode.
***************
*** 132,138 ****
A source code patch exists which remedies this problem.
! 022: RELIABILITY FIX: March 13, 2002All architectures
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
--- 130,136 ----
A source code patch exists which remedies this problem.
! 022: RELIABILITY FIX: March 13, 2002All architectures
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
***************
*** 144,150 ****
A source code patch exists which remedies this problem.
! 021: SECURITY FIX: March 8, 2002All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
--- 142,148 ----
A source code patch exists which remedies this problem.
! 021: SECURITY FIX: March 8, 2002All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
***************
*** 152,158 ****
A source code patch exists which remedies this problem.
! 020: SECURITY FIX: February 20, 2002All architectures
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
--- 150,156 ----
A source code patch exists which remedies this problem.
! 020: SECURITY FIX: February 20, 2002All architectures
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
***************
*** 161,167 ****
A source code patch exists which remedies this problem.
! 019: SECURITY FIX: January 17, 2002All architectures
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
--- 159,165 ----
A source code patch exists which remedies this problem.
! 019: SECURITY FIX: January 17, 2002All architectures
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
***************
*** 175,181 ****
A source code patch exists which remedies this problem.
! 018: INSTALL PROBLEM: Dec 11, 2001
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These
missing files can be added manually from the sparc tarballs after the
installation:
--- 173,179 ----
A source code patch exists which remedies this problem.
! 018: INSTALL PROBLEM: Dec 11, 2001
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These
missing files can be added manually from the sparc tarballs after the
installation:
***************
*** 192,198 ****
! 017: SECURITY FIX: November 28, 2001All architectures
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
--- 190,196 ----
! 017: SECURITY FIX: November 28, 2001All architectures
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
***************
*** 204,210 ****
A source code patch exists which remedies this problem.
! 016: SECURITY FIX: November 13, 2001All architectures
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
--- 202,208 ----
A source code patch exists which remedies this problem.
! 016: SECURITY FIX: November 13, 2001All architectures
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
***************
*** 213,219 ****
A source code patch exists which remedies this problem.
! 015: SECURITY FIX: September 11, 2001All architectures
A security hole exists in uuxqt(8)
that may allow an attacker to run arbitrary commands as user uucp and
--- 211,217 ----
A source code patch exists which remedies this problem.
! 015: SECURITY FIX: September 11, 2001All architectures
A security hole exists in uuxqt(8)
that may allow an attacker to run arbitrary commands as user uucp and
***************
*** 227,233 ****
A source code patch exists which remedies this problem.
! 014: SECURITY FIX: August 29, 2001All architectures
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
--- 225,231 ----
A source code patch exists which remedies this problem.
! 014: SECURITY FIX: August 29, 2001All architectures
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
***************
*** 240,246 ****
A source code patch exists which remedies this problem.
! 013: SECURITY FIX: August 21, 2001All architectures
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
--- 238,244 ----
A source code patch exists which remedies this problem.
! 013: SECURITY FIX: August 21, 2001All architectures
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
***************
*** 250,256 ****
A source code patch exists which remedies this problem.
! 012: SECURITY FIX: July 30, 2001All architectures
A kernel buffer overflow exists in the NFS mount code. An attacker may
use this overflow to execute arbitrary code in kernel mode. However,
--- 248,254 ----
A source code patch exists which remedies this problem.
! 012: SECURITY FIX: July 30, 2001All architectures
A kernel buffer overflow exists in the NFS mount code. An attacker may
use this overflow to execute arbitrary code in kernel mode. However,
***************
*** 262,268 ****
A source code patch exists which remedies this problem.
! 011: RELIABILITY FIX: July 15, 2001All architectures
The
packages(7)
--- 260,266 ----
A source code patch exists which remedies this problem.
! 011: RELIABILITY FIX: July 15, 2001All architectures
The
packages(7)
***************
*** 276,282 ****
version numbers.
! 010: RELIABILITY FIX: Jul 9, 2001
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
--- 274,280 ----
version numbers.
! 008: RELIABILITY FIX: June 15, 2001All architectures twe(4)
mishandles the DMA mapping resulting in a kernel panic on unaligned data
***************
*** 315,321 ****
This is the second version of the patch.
! 007: SECURITY FIX: June 15, 2001All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
--- 313,319 ----
This is the second version of the patch.
! 007: SECURITY FIX: June 15, 2001All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
***************
*** 323,329 ****
A source code patch exists which remedies this problem.
! 006: SECURITY FIX: June 12, 2001All architectures sshd(8)
allows users to delete arbitrary files named "cookies" if X11
--- 321,327 ----
A source code patch exists which remedies this problem.
! 006: SECURITY FIX: June 12, 2001All architectures sshd(8)
allows users to delete arbitrary files named "cookies" if X11
***************
*** 333,339 ****
A source code patch exists which remedies this problem.
! 005: RELIABILITY FIX: June 7, 2001All architectures pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
--- 331,337 ----
A source code patch exists which remedies this problem.
! 005: RELIABILITY FIX: June 7, 2001All architectures pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
***************
*** 342,348 ****
A source code patch exists which remedies this problem.
! 004: RELIABILITY FIX: June 5, 2001All architectures isakmpd(8)
will fail to use a certificate with an identity string that is
--- 340,346 ----
A source code patch exists which remedies this problem.
! 004: RELIABILITY FIX: June 5, 2001All architectures isakmpd(8)
will fail to use a certificate with an identity string that is
***************
*** 352,358 ****
A source code patch exists which remedies this problem.
! 003: DOCUMENTATION FIX: June 1, 2001All architectures
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
--- 350,356 ----
A source code patch exists which remedies this problem.
! 003: DOCUMENTATION FIX: June 1, 2001All architectures
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
***************
*** 360,366 ****
some devices which 3.3.6 supported better.
! 002: SECURITY FIX: May 30, 2001All architectures
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
--- 358,364 ----
some devices which 3.3.6 supported better.
! 002: SECURITY FIX: May 30, 2001All architectures
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
***************
*** 374,380 ****
This is the second version of the patch.
! 001: SECURITY FIX: May 29, 2001All architectures
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
--- 372,378 ----
This is the second version of the patch.
! 001: SECURITY FIX: May 29, 2001All architectures
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
***************
*** 387,392 ****