-036: SECURITY FIX: November 14, 2002
+036: SECURITY FIX: November 14, 2002All architectures
A buffer overflow in
named(8)
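Review bot: The added heading line runs the date straight into the new label ("November 14, 2002All architectures") with nothing between them as shown here. Put a visible separator or a line break between the date and "All architectures" so the heading still ends at the date and the label reads as its own field; the same applies to the other entries that gain this label.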
@@ -98,7 +96,7 @@
A source code patch exists which remedies this problem.
-035: SECURITY FIX: November 6, 2002
+035: SECURITY FIX: November 6, 2002All architectures
Incorrect argument checking in the
getrlimit(2)
@@ -107,7 +105,7 @@
A source code patch exists which remedies this problem.
-034: SECURITY FIX: November 6, 2002
+034: SECURITY FIX: November 6, 2002All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
smrsh(8),
@@ -116,7 +114,7 @@
A source code patch exists which remedies this problem.
-033: SECURITY FIX: October 21, 2002
+033: SECURITY FIX: October 21, 2002All architectures
A buffer overflow can occur in the
kadmind(8)
@@ -125,7 +123,7 @@
A source code patch exists which remedies this problem.
-032: SECURITY FIX: October 7, 2002
+032: SECURITY FIX: October 7, 2002All architectures
Incorrect argument checking in the
setitimer(2) system call may allow an attacker to write to kernel memory.
@@ -133,7 +131,7 @@
A source code patch exists which remedies this problem.
-031: SECURITY FIX: August 11, 2002
+031: SECURITY FIX: August 11, 2002All architectures
An insufficient boundary check in the
select(2)
@@ -143,7 +141,7 @@
A source code patch exists which remedies this problem.
-030: SECURITY FIX: July 30, 2002
+030: SECURITY FIX: July 30, 2002All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
ssl(8)
@@ -156,7 +154,7 @@
This is the second version of the patch.
-029: SECURITY FIX: July 29, 2002
+029: SECURITY FIX: July 29, 2002All architectures
A buffer overflow can occur in the
xdr_array(3)
@@ -167,7 +165,7 @@
This is the second version of the patch.
-028: SECURITY FIX: July 29, 2002
+028: SECURITY FIX: July 29, 2002All architectures
A race condition exists in the
pppd(8)
@@ -176,7 +174,7 @@
A source code patch exists which remedies this problem.
-027: RELIABILITY FIX: July 5, 2002
+027: RELIABILITY FIX: July 5, 2002All architectures
Receiving IKE payloads out of sequence can cause
isakmpd(8) to crash.
@@ -186,21 +184,21 @@
This is the second version of the patch.
-024: SECURITY FIX: June 24, 2002
+024: SECURITY FIX: June 24, 2002All architectures
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
error that can result in an integer overflow and privilege escalation.
@@ -209,7 +207,7 @@
security advisory.
-023: SECURITY FIX: June 24, 2002
+023: SECURITY FIX: June 24, 2002All architectures
A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
module, leading to possible remote crash or exploit.
@@ -217,7 +215,7 @@
A source code patch exists which remedies this problem.
-022: SECURITY FIX: June 19, 2002
+022: SECURITY FIX: June 19, 2002All architectures
A buffer overflow can occur during the interpretation of chunked
encoding in the http daemon, leading to possible remote crash or exploit.
@@ -225,7 +223,7 @@
A source code patch exists which remedies this problem.
-021: SECURITY FIX: May 8, 2002
+021: SECURITY FIX: May 8, 2002All architectures
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
@@ -234,14 +232,14 @@
A source code patch exists which remedies this problem.
-019: SECURITY FIX: April 22, 2002
+019: SECURITY FIX: April 22, 2002All architectures
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
@@ -253,7 +251,7 @@
A source code patch exists which remedies this problem.
-018: SECURITY FIX: April 11, 2002
+018: SECURITY FIX: April 11, 2002All architectures mail(1)
will process tilde escapes even in non-interactive mode.
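Review bot: On the added 018 line the label is followed on the same line by "mail(1)", so the entry now reads "All architectures mail(1) will process tilde escapes ...", with the label looking like the subject of the sentence. Break the line after "All architectures" so the description starts at "mail(1)", the way the 016 entry keeps its description on its own line.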
@@ -263,7 +261,7 @@
A source code patch exists which remedies this problem.
-017: RELIABILITY FIX: March 26, 2002
+017: RELIABILITY FIX: March 26, 2002All architectures isakmpd(8)
will crash when receiving a zero length IKE packet due to a too-late length check.
@@ -272,7 +270,7 @@
A source code patch exists which remedies this problem.
-016: SECURITY FIX: March 19, 2002
+016: SECURITY FIX: March 19, 2002All architectures
Under certain conditions, on systems using YP with netgroups in the password
database, it is possible for the
@@ -289,7 +287,7 @@
A source code patch exists which remedies this problem.
-015: RELIABILITY FIX: March 13, 2002
+015: RELIABILITY FIX: March 13, 2002All architectures
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
@@ -301,7 +299,7 @@
A source code patch exists which remedies this problem.
-014: SECURITY FIX: March 8, 2002
+014: SECURITY FIX: March 8, 2002All architectures
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
@@ -309,14 +307,14 @@
A source code patch exists which remedies this problem.
-012: SECURITY FIX: January 21, 2002
+012: SECURITY FIX: January 21, 2002All architectures
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
@@ -325,7 +323,7 @@
A source code patch exists which remedies this problem.
-011: SECURITY FIX: January 17, 2002
+011: SECURITY FIX: January 17, 2002All architectures
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
@@ -339,7 +337,7 @@
A source code patch exists which remedies this problem.
-010: RELIABILITY FIX: December 13, 2001
+010: RELIABILITY FIX: December 13, 2001All architectures
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.
@@ -347,7 +345,7 @@
A source code patch exists which remedies this problem.
-009: INSTALLATION FIX: December 11, 2001
+009: INSTALLATION FIX: December 11, 2001
The 3.0 CD2 was created with an error which means that the instructions
for booting this architecture will not work. Instead, to boot the
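Review bot: The 009 heading is the same before and after as shown and gains no platform label, yet the description that follows says "the instructions for booting this architecture will not work" without saying which one. Name the affected architecture in the heading, in the same position where other entries now carry "All architectures", so the sentence has something to refer to.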
@@ -357,7 +355,7 @@
boot cd:,OFWBOOT /3.0/macppc/bsd.rd
-008: SECURITY FIX: November 28, 2001
+008: SECURITY FIX: November 28, 2001All architectures
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
@@ -369,7 +367,7 @@
A source code patch exists which remedies this problem.
-007: SECURITY FIX: November 13, 2001
+007: SECURITY FIX: November 13, 2001All architectures
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
@@ -378,7 +376,7 @@
A source code patch exists which remedies this problem.
-006: SECURITY FIX: November 13, 2001
+006: SECURITY FIX: November 13, 2001All architectures pf(4)
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
@@ -387,7 +385,7 @@
A source code patch exists which remedies this problem.
-005: RELIABILITY FIX: November 12, 2001
+005: RELIABILITY FIX: November 12, 2001
Execution of Altivec instructions will crash the kernel.
@@ -395,7 +393,7 @@
A source code patch exists which remedies this problem.
-004: RELIABILITY FIX: November 12, 2001
+004: RELIABILITY FIX: November 12, 2001
Hifn7751 based cards may stop working on certain motherboards due to
DMA errors.
@@ -404,7 +402,7 @@
A source code patch exists which remedies this problem.
-003: RELIABILITY FIX: November 12, 2001
+003: RELIABILITY FIX: November 12, 2001
Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
of bogus interrupt messages, causing great user anguish.
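Review bot: The removed and added 003 heading lines are identical as shown, so if the difference is whitespace or markup only, say so in the commit message. The description is specific to "the PCI ultrasparc machines", so this heading should also get a platform label for consistency with the entries marked "All architectures".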
@@ -413,7 +411,7 @@
A source code patch exists which remedies this problem.
-002: SECURITY FIX: November 12, 2001
+002: SECURITY FIX: November 12, 2001All architectures sshd(8)
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
@@ -441,15 +439,15 @@
This is the second version of this patch.
-001: INSTALL ISSUE: November 12, 2001
+001: INSTALL ISSUE: November 12, 2001All architectures
-A small bug in the installation script causes the /etc/hosts file to
+A small bug in the installation script causes the /etc/hosts file to
be incorrectly formed.
The resulting file contains a line which reads like:
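Review bot: The second removed/added pair in this hunk ("A small bug in the installation script causes the /etc/hosts file to") shows no textual difference, which points to a whitespace-only edit mixed into a content change. Either drop it from this patch or mention it in the commit message, so the label additions are the only thing a reader has to check.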