===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- www/errata29.html 2016/08/15 02:22:06 1.85
+++ www/errata29.html 2016/10/16 19:11:29 1.86
@@ -70,7 +70,7 @@
-
+
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
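Review bot: the removed and added lines in this hunk are both empty as shown, so the new target of the "tar.gz file containing all the following patches" link cannot be checked here. The only target visible anywhere in this diff is the `+href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch">` line in the 010 hunk. Please confirm the tarball link was moved to the same scheme and host as the per-patch links, since it is the one download that bundles every fix on the page.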
@@ -90,7 +90,7 @@
027: SECURITY FIX: June 25, 2002
All architectures
A potential buffer overflow in the DNS resolver has been found.
-
+
A source code patch exists which remedies this problem.
@@ -99,14 +99,14 @@
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
-
+
A source code patch exists which remedies this problem.
025: SECURITY FIX: April 25, 2002
All architectures
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
-
+
A source code patch exists which remedies this problem.
@@ -118,7 +118,7 @@
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
-
+
A source code patch exists which remedies this problem.
@@ -128,7 +128,7 @@
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
-
+
A source code patch exists which remedies this problem.
@@ -140,7 +140,7 @@
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
-
+
A source code patch exists which remedies this problem.
@@ -148,7 +148,7 @@
All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
-
+
A source code patch exists which remedies this problem.
@@ -157,7 +157,7 @@
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
-
+
A source code patch exists which remedies this problem.
@@ -171,7 +171,7 @@
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
-
+
A source code patch exists which remedies this problem.
@@ -180,9 +180,9 @@
missing files can be added manually from the sparc tarballs after the
installation:
Grab the
-xbase29.tgz
+xbase29.tgz
and
-xshare29.tgz
+xshare29.tgz
files found in the 2.9/sparc directory on the CD, or any FTP site. The missing
files can be installed by using the following commands:
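Review bot: the `-xbase29.tgz` / `+xbase29.tgz` and `-xshare29.tgz` / `+xshare29.tgz` pairs are textually identical, so only the link targets change. The surrounding sentence still tells readers the files come from "the CD, or any FTP site". If the new targets are no longer FTP URLs, reword that sentence to match. Because these sets are unpacked onto an installed system, it would also help to point readers at whatever checksum is published alongside them.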
@@ -200,7 +200,7 @@
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
-
+
A source code patch exists which remedies this problem.
@@ -209,7 +209,7 @@
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
-
+
A source code patch exists which remedies this problem.
@@ -223,7 +223,7 @@
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
-
+
A source code patch exists which remedies this problem.
@@ -236,7 +236,7 @@
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
-
+
A source code patch exists which remedies this problem.
@@ -246,7 +246,7 @@
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
-
+
A source code patch exists which remedies this problem.
@@ -258,7 +258,7 @@
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
-
+
A source code patch exists which remedies this problem.
@@ -270,7 +270,7 @@
packages-specs(7)
for details).
-
+
A source code patch exists which remedies this problem.
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
@@ -279,11 +279,11 @@
010: RELIABILITY FIX: Jul 9, 2001
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
+href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch">
A source code patch exists which remedies this problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
-here.
+here.
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
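Review bot: the source patch link visibly moves to `https://ftp.openbsd.org/...`, but the `-here.` / `+here.` pair for the binary driver shows no visible difference, so its new target cannot be confirmed from this hunk. That download matters most here, because the text tells users to copy it into /usr/X11R6/lib/modules/drivers/ and restart the X server. Please verify it uses the same https target style, and consider listing a checksum for the binary next to the link. Separately, the added `+href=` line has no matching removed line in this hunk; check that the anchor it belongs to ends up with exactly one href attribute.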
@@ -291,7 +291,7 @@
009: RELIABILITY FIX: Jun 23, 2001
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
-
+
A source code patch exists which remedies this problem.
It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
@@ -310,7 +310,7 @@
and
dump(8).
-
+
A source code patch exists which remedies this problem.
This is the second version of the patch.
@@ -319,7 +319,7 @@
All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
-
+
A source code patch exists which remedies this problem.
@@ -329,7 +329,7 @@
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
-
+
A source code patch exists which remedies this problem.
@@ -338,7 +338,7 @@
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
-
+
A source code patch exists which remedies this problem.
@@ -348,7 +348,7 @@
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
-
+
A source code patch exists which remedies this problem.
@@ -369,7 +369,7 @@
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
-
+
A source code patch exists which remedies this problem.
This is the second version of the patch.
@@ -380,7 +380,7 @@
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
-
+
A source code patch exists which remedies this problem.