-026: SECURITY FIX: May 8, 2002
+026: SECURITY FIX: May 8, 2002All architectures
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
@@ -103,14 +101,14 @@
A source code patch exists which remedies this problem.
-024: SECURITY FIX: April 22, 2002
+024: SECURITY FIX: April 22, 2002All architectures
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
@@ -122,7 +120,7 @@
A source code patch exists which remedies this problem.
-023: SECURITY FIX: April 11, 2002
+023: SECURITY FIX: April 11, 2002All architectures mail(1)
will process tilde escapes even in non-interactive mode.
@@ -132,7 +130,7 @@
A source code patch exists which remedies this problem.
-022: RELIABILITY FIX: March 13, 2002
+022: RELIABILITY FIX: March 13, 2002All architectures
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
@@ -144,7 +142,7 @@
A source code patch exists which remedies this problem.
-021: SECURITY FIX: March 8, 2002
+021: SECURITY FIX: March 8, 2002All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
@@ -152,7 +150,7 @@
A source code patch exists which remedies this problem.
-020: SECURITY FIX: February 20, 2002
+020: SECURITY FIX: February 20, 2002All architectures
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
@@ -161,7 +159,7 @@
A source code patch exists which remedies this problem.
-019: SECURITY FIX: January 17, 2002
+019: SECURITY FIX: January 17, 2002All architectures
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
@@ -175,7 +173,7 @@
A source code patch exists which remedies this problem.
-018: INSTALL PROBLEM: Dec 11, 2001
+018: INSTALL PROBLEM: Dec 11, 2001
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These
missing files can be added manually from the sparc tarballs after the
installation:
@@ -192,7 +190,7 @@
-017: SECURITY FIX: November 28, 2001
+017: SECURITY FIX: November 28, 2001All architectures
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
@@ -204,7 +202,7 @@
A source code patch exists which remedies this problem.
-016: SECURITY FIX: November 13, 2001
+016: SECURITY FIX: November 13, 2001All architectures
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
@@ -213,7 +211,7 @@
A source code patch exists which remedies this problem.
-015: SECURITY FIX: September 11, 2001
+015: SECURITY FIX: September 11, 2001All architectures
A security hole exists in uuxqt(8)
that may allow an attacker to run arbitrary commands as user uucp and
@@ -227,7 +225,7 @@
A source code patch exists which remedies this problem.
-014: SECURITY FIX: August 29, 2001
+014: SECURITY FIX: August 29, 2001All architectures
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
@@ -240,7 +238,7 @@
A source code patch exists which remedies this problem.
-013: SECURITY FIX: August 21, 2001
+013: SECURITY FIX: August 21, 2001All architectures
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
@@ -250,7 +248,7 @@
A source code patch exists which remedies this problem.
-012: SECURITY FIX: July 30, 2001
+012: SECURITY FIX: July 30, 2001All architectures
A kernel buffer overflow exists in the NFS mount code. An attacker may
use this overflow to execute arbitrary code in kernel mode. However,
@@ -262,7 +260,7 @@
A source code patch exists which remedies this problem.
-011: RELIABILITY FIX: July 15, 2001
+011: RELIABILITY FIX: July 15, 2001All architectures
The
packages(7)
@@ -276,7 +274,7 @@
version numbers.
-010: RELIABILITY FIX: Jul 9, 2001
+010: RELIABILITY FIX: Jul 9, 2001
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
@@ -288,7 +286,7 @@
restart your X server.
-007: SECURITY FIX: June 15, 2001
+007: SECURITY FIX: June 15, 2001All architectures
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
@@ -323,7 +321,7 @@
A source code patch exists which remedies this problem.
-006: SECURITY FIX: June 12, 2001
+006: SECURITY FIX: June 12, 2001All architectures sshd(8)
allows users to delete arbitrary files named "cookies" if X11
@@ -333,7 +331,7 @@
A source code patch exists which remedies this problem.
-005: RELIABILITY FIX: June 7, 2001
+005: RELIABILITY FIX: June 7, 2001All architectures pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
@@ -342,7 +340,7 @@
A source code patch exists which remedies this problem.
-004: RELIABILITY FIX: June 5, 2001
+004: RELIABILITY FIX: June 5, 2001All architectures isakmpd(8)
will fail to use a certificate with an identity string that is
@@ -352,7 +350,7 @@
A source code patch exists which remedies this problem.
-003: DOCUMENTATION FIX: June 1, 2001
+003: DOCUMENTATION FIX: June 1, 2001All architectures
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
@@ -360,7 +358,7 @@
some devices which 3.3.6 supported better.
-002: SECURITY FIX: May 30, 2001
+002: SECURITY FIX: May 30, 2001All architectures
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
@@ -374,7 +372,7 @@
This is the second version of the patch.
-001: SECURITY FIX: May 29, 2001
+001: SECURITY FIX: May 29, 2001All architectures
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
@@ -387,6 +385,3 @@