Return to errata30.html CVS log | Up to [local] / www |
version 1.34, 2002/10/21 20:36:10 | version 1.35, 2002/11/06 23:37:17 | ||
---|---|---|---|
|
|
||
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=kernresource></a> | |||
<li><font color=#009000><strong>035: SECURITY FIX: November 6, 2002</strong></font><br> | |||
Incorrect argument checking in the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrlimit&sektion=2">getrlimit(2)</a> | |||
system call may allow an attacker to crash the kernel.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch">A | |||
source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=smrsh></a> | |||
<li><font color=#009000><strong>034: SECURITY FIX: November 6, 2002</strong></font><br> | |||
An attacker can bypass the restrictions imposed by sendmail's restricted shell, | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>, | |||
and execute arbitrary commands with the privileges of his own account.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch">A | |||
source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=kadmin></a> | <a name=kadmin></a> | ||
<li><font color=#009000><strong>033: SECURITY FIX: October 21, 2002</strong></font><br> | <li><font color=#009000><strong>033: SECURITY FIX: October 21, 2002</strong></font><br> | ||
A buffer overflow can occur in the | A buffer overflow can occur in the |