Return to errata29.html CVS log | Up to [local] / www |
version 1.18, 2002/04/19 09:51:42 | version 1.19, 2002/04/23 20:52:52 | ||
---|---|---|---|
|
|
||
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=sshafs></a> | |||
<li><font color=#009000><strong>024: SECURITY FIX: April 22, 2002</strong></font><br> | |||
A local user can gain super-user privileges due to a buffer overflow | |||
in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> | |||
if AFS has been configured on the system or if | |||
KerberosTgtPassing or AFSTokenPassing has been enabled | |||
in the sshd_config file. Ticket and token passing is not enabled | |||
by default.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch">A source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=mail></a> | <a name=mail></a> | ||
<li><font color=#009000><strong>023: SECURITY FIX: April 11, 2002</strong></font><br> | <li><font color=#009000><strong>023: SECURITY FIX: April 11, 2002</strong></font><br> | ||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> |