=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- www/errata30.html 2016/02/20 14:18:42 1.87 +++ www/errata30.html 2016/03/21 05:46:19 1.88 @@ -87,7 +87,7 @@ 036: SECURITY FIX: November 14, 2002   All architectures
A buffer overflow in -named(8) +named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
@@ -98,7 +98,7 @@ 035: SECURITY FIX: November 6, 2002   All architectures
Incorrect argument checking in the -getrlimit(2) +getrlimit(2) system call may allow an attacker to crash the kernel.
A source code patch exists which remedies this problem. @@ -107,7 +107,7 @@ 034: SECURITY FIX: November 6, 2002   All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell, -smrsh(8), +smrsh(8), and execute arbitrary commands with the privileges of his own account.
A source code patch exists which remedies this problem. @@ -116,7 +116,7 @@ 033: SECURITY FIX: October 21, 2002   All architectures
A buffer overflow can occur in the -kadmind(8) +kadmind(8) daemon, leading to possible remote crash or exploit.
A source code patch exists which remedies this problem. @@ -125,7 +125,7 @@ 032: SECURITY FIX: October 7, 2002   All architectures
Incorrect argument checking in the -setitimer(2) system call may allow an attacker to write to kernel memory.
+setitimer(2) system call may allow an attacker to write to kernel memory.
A source code patch exists which remedies this problem.

@@ -133,7 +133,7 @@ 031: SECURITY FIX: August 11, 2002   All architectures
An insufficient boundary check in the -select(2) +select(2) system call allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
@@ -143,9 +143,9 @@ 030: SECURITY FIX: July 30, 2002   All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the -ssl(8) +ssl(8) library, as in the ASN.1 parser code in the -crypto(3) +crypto(3) library, all of them being potentially remotely exploitable.
A source code patch exists which remedies this problem. @@ -156,7 +156,7 @@ 029: SECURITY FIX: July 29, 2002   All architectures
A buffer overflow can occur in the -xdr_array(3) +xdr_array(3) RPC code, leading to possible remote crash.
A source code patch exists which remedies this problem. @@ -167,7 +167,7 @@ 028: SECURITY FIX: July 29, 2002   All architectures
A race condition exists in the -pppd(8) +pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
A source code patch exists which remedies this problem. @@ -176,7 +176,7 @@ 027: RELIABILITY FIX: July 5, 2002   All architectures
Receiving IKE payloads out of sequence can cause -isakmpd(8) to crash.
+isakmpd(8) to crash.
A source code patch exists which remedies this problem.
@@ -185,7 +185,7 @@

  • 026: SECURITY FIX: June 27, 2002   All architectures
    -The kernel would let any user ktrace(2) set[ug]id processes.
    +The kernel would let any user ktrace(2) set[ug]id processes.
    A source code patch exists which remedies this problem.

    @@ -233,7 +233,7 @@

  • 020: SECURITY FIX: April 25, 2002   All architectures
    -A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    +A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    A source code patch exists which remedies this problem.

    @@ -241,7 +241,7 @@ 019: SECURITY FIX: April 22, 2002   All architectures
    A local user can gain super-user privileges due to a buffer overflow -in sshd(8) +in sshd(8) if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled @@ -252,7 +252,7 @@

  • 018: SECURITY FIX: April 11, 2002   All architectures
    -mail(1) +mail(1) will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    @@ -262,7 +262,7 @@
  • 017: RELIABILITY FIX: March 26, 2002   All architectures
    -isakmpd(8) +isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check.
    @@ -273,14 +273,14 @@   All architectures
    Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the -    rexecd(8) +rexecd(8) and -rshd(8) +rshd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, -atrun(8) +atrun(8) may change to the wrong home directory when running -at(1) +at(1) jobs.
    A source code patch exists which remedies this problem. @@ -290,7 +290,7 @@   All architectures
    Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD -free(3) +free(3) function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    @@ -377,7 +377,7 @@
  • 006: SECURITY FIX: November 13, 2001   All architectures
    -pf(4) +pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
    @@ -412,7 +412,7 @@
  • 002: SECURITY FIX: November 12, 2001   All architectures
    -    sshd(8) +sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: