=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- www/errata30.html 2003/10/24 22:12:40 1.43 +++ www/errata30.html 2003/11/21 16:55:16 1.44 @@ -8,6 +8,7 @@ +
@@ -51,9 +52,8 @@ consult the OpenBSD FAQ.
-
-
-
-
-
-
-
-
-
-
-
-
@@ -316,8 +316,8 @@
a source code patch exists which remedies these problems.
This is the second version of this patch.
-
-
@@ -335,11 +335,11 @@
+
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
@@ -259,14 +259,14 @@
invoking user.
A source code patch exists which remedies the problem.
+
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.
A source code patch exists which remedies the problem.
+
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
with line printer access (ie: listed in either /etc/hosts.lpd or
@@ -275,23 +275,23 @@
in the default installation.
A source code patch exists which remedies the problem.
+
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
A source code patch exists which remedies the problem.
pf(4)
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
A source code patch exists which remedies the problem.
+
sshd(8)
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
+
A small bug in the installation script causes the /etc/hosts file to
be incorrectly formed.
The resulting file contains a line which reads like:
boot cd:,OFWBOOT /3.0/macppc/bsd.rd