===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata31.html,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- www/errata31.html 2019/05/27 22:55:19 1.88
+++ www/errata31.html 2019/05/28 16:32:41 1.89
@@ -84,129 +84,143 @@
--
-027: SECURITY FIX: March 31, 2003
+
+
-
+001: SECURITY FIX: April 22, 2002
All architectures
-A buffer overflow in the address parsing in
-sendmail(8)
-may allow an attacker to gain root privileges.
-
+A local user can gain super-user privileges due to a buffer overflow
+in sshd(8)
+if AFS has been configured on the system or if
+KerberosTgtPassing or AFSTokenPassing has been enabled
+in the sshd_config file. Ticket and token passing is not enabled
+by default.
+
A source code patch exists which remedies this problem.
-
-
-026: SECURITY FIX: March 24, 2003
+
+
-
+002: SECURITY FIX: April 25, 2002
All architectures
-The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
-on Kerberos v5 as well.
-
-
+A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
+
A source code patch exists which remedies this problem.
-
-
-025: SECURITY FIX: March 19, 2003
+
+
-
+003: SECURITY FIX: May 8, 2002
All architectures
-OpenSSL is vulnerable to an extension of the "Bleichenbacher" attack designed
-by Czech researchers Klima, Pokorny and Rosa.
-
-
+A race condition exists where an attacker could fill the file descriptor
+table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
+setuid or setgid process.
+
A source code patch exists which remedies this problem.
-
-
-024: SECURITY FIX: March 18, 2003
+
+
-
+004: SECURITY FIX: May 22, 2002
All architectures
-Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
-
-
+Under certain conditions, on systems using YP with netgroups in the
+password database, it is possible that
+sshd(8)
+does ACL checks for the requested user name but uses the password
+database entry of a different user for authentication. This means
+that denied users might authenticate successfully while permitted
+users could be locked out.
+
A source code patch exists which remedies this problem.
-
-
-023: SECURITY FIX: March 5, 2003
+
+
-
+005: SECURITY FIX: June 19, 2002
All architectures
-A fix for an
-lprm(1)
-bug made in 1996 contains an error that could lead to privilege escalation.
-
-
+A buffer overflow can occur during the interpretation of chunked
+encoding in the http daemon, leading to possible remote crash or exploit.
+
A source code patch exists which remedies this problem.
-
-
-022: SECURITY FIX: March 3, 2003
+
+
-
+006: SECURITY FIX: June 24, 2002
All architectures
-A buffer overflow in the envelope comments processing in
-sendmail(8)
-may allow an attacker to gain root privileges.
-
-A source code patch exists which remedies this problem.
+All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
+error that can result in an integer overflow and privilege escalation.
+This problem is fixed in OpenSSH
+3.4, and a patch for the vulnerable releases is available as part of the
+security advisory.
-
-
-021: SECURITY FIX: February 23, 2003
+
+
-
+007: SECURITY FIX: June 25, 2002
All architectures
-In
-ssl(8) an information leak can occur via timing by performing a MAC computation
-even if incorrect block cipher padding has been found, this is a
-countermeasure. Also, check for negative sizes in memory allocation routines.
-
-A source code patch exists which fixes these two issues.
+A potential buffer overflow in the DNS resolver has been found.
+
+A source code patch exists which remedies this problem.
-
-
-020: SECURITY FIX: January 20, 2003
+
+
-
+008: SECURITY FIX: June 26, 2002
All architectures
-A double free in
-cvs(1)
-could allow an attacker to execute code with the privileges of the
-user running cvs. This is only an issue when the cvs command is
-being run on a user's behalf as a different user. This means that,
-in most cases, the issue only exists for cvs configurations that use
-the pserver client/server connection method.
-
+A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
+module, leading to possible remote crash or exploit.
+
A source code patch exists which remedies this problem.
-
-
-019: SECURITY FIX: November 14, 2002
+
+
-
+009: SECURITY FIX: June 27, 2002
All architectures
-A buffer overflow in
-named(8)
-could allow an attacker to execute code with the privileges of named.
-On OpenBSD, named runs as a non-root user in a chrooted environment
-which mitigates the effects of this bug.
-
+The kernel would let any user ktrace(2) set[ug]id processes.
+
A source code patch exists which remedies this problem.
-
-
-018: SECURITY FIX: November 6, 2002
+
+
-
+010: RELIABILITY FIX: July 5, 2002
All architectures
-Incorrect argument checking in the
-getrlimit(2)
-system call may allow an attacker to crash the kernel.
-
+Receiving IKE payloads out of sequence can cause
+isakmpd(8) to crash.
+
A source code patch exists which remedies this problem.
+
+This is the second version of the patch.
-
-
-017: SECURITY FIX: November 6, 2002
+
+
-
+011: SECURITY FIX: July 29, 2002
All architectures
-An attacker can bypass the restrictions imposed by sendmail's restricted shell,
-smrsh(8),
-and execute arbitrary commands with the privileges of his own account.
-
+A race condition exists in the
+pppd(8)
+daemon which may cause it to alter the file permissions of an arbitrary file.
+
A source code patch exists which remedies this problem.
-
-
-016: SECURITY FIX: October 21, 2002
+
+
-
+012: SECURITY FIX: July 29, 2002
All architectures
A buffer overflow can occur in the
-kadmind(8)
-daemon, leading to possible remote crash or exploit.
-
+xdr_array(3)
+RPC code, leading to possible remote crash.
+
A source code patch exists which remedies this problem.
+
+This is the second version of the patch.
-
-
-015: SECURITY FIX: October 2, 2002
+
+
-
+013: SECURITY FIX: July 30, 2002
All architectures
-Incorrect argument checking in the
-setitimer(2) system call may allow an attacker to write to kernel memory.
-
+Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
+ssl(8)
+library, as in the ASN.1 parser code in the
+crypto(3)
+library, all of them being potentially remotely exploitable.
+
A source code patch exists which remedies this problem.
+
+This is the second version of the patch.
+
-
014: SECURITY FIX: August 11, 2002
All architectures
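Review bot: In the re-added entry 013, "as in the ASN.1 parser code in the crypto(3) library" reads as a comparison rather than as a second affected component. Since the move already touches these lines, consider "as well as in the ASN.1 parser code". Entry 006 is also the only re-added entry in this hunk that lacks the "A source code patch exists which remedies this problem." sentence and refers to the security advisory instead. That matches the removed text, but it is worth confirming the difference is intended now that the entry sits among the others in ascending order.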
@@ -217,127 +231,140 @@
A source code patch exists which remedies this problem.
-
-
-013: SECURITY FIX: July 30, 2002
+
+
-
+015: SECURITY FIX: October 2, 2002
All architectures
-Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
-ssl(8)
-library, as in the ASN.1 parser code in the
-crypto(3)
-library, all of them being potentially remotely exploitable.
-
+Incorrect argument checking in the
+setitimer(2) system call may allow an attacker to write to kernel memory.
+
A source code patch exists which remedies this problem.
-
-This is the second version of the patch.
-
-
-012: SECURITY FIX: July 29, 2002
+
+
-
+016: SECURITY FIX: October 21, 2002
All architectures
A buffer overflow can occur in the
-xdr_array(3)
-RPC code, leading to possible remote crash.
-
+kadmind(8)
+daemon, leading to possible remote crash or exploit.
+
A source code patch exists which remedies this problem.
-
-This is the second version of the patch.
-
-
-011: SECURITY FIX: July 29, 2002
+
+
-
+017: SECURITY FIX: November 6, 2002
All architectures
-A race condition exists in the
-pppd(8)
-daemon which may cause it to alter the file permissions of an arbitrary file.
-
+An attacker can bypass the restrictions imposed by sendmail's restricted shell,
+smrsh(8),
+and execute arbitrary commands with the privileges of his own account.
+
A source code patch exists which remedies this problem.
-
-
-010: RELIABILITY FIX: July 5, 2002
+
+
-
+018: SECURITY FIX: November 6, 2002
All architectures
-Receiving IKE payloads out of sequence can cause
-isakmpd(8) to crash.
-
+Incorrect argument checking in the
+getrlimit(2)
+system call may allow an attacker to crash the kernel.
+
A source code patch exists which remedies this problem.
-
-This is the second version of the patch.
-
-
-009: SECURITY FIX: June 27, 2002
+
+
-
+019: SECURITY FIX: November 14, 2002
All architectures
-The kernel would let any user ktrace(2) set[ug]id processes.
-
+A buffer overflow in
+named(8)
+could allow an attacker to execute code with the privileges of named.
+On OpenBSD, named runs as a non-root user in a chrooted environment
+which mitigates the effects of this bug.
+
A source code patch exists which remedies this problem.
-
-
-008: SECURITY FIX: June 26, 2002
+
+
-
+020: SECURITY FIX: January 20, 2003
All architectures
-A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
-module, leading to possible remote crash or exploit.
-
+A double free in
+cvs(1)
+could allow an attacker to execute code with the privileges of the
+user running cvs. This is only an issue when the cvs command is
+being run on a user's behalf as a different user. This means that,
+in most cases, the issue only exists for cvs configurations that use
+the pserver client/server connection method.
+
A source code patch exists which remedies this problem.
-
-
-007: SECURITY FIX: June 25, 2002
+
+
-
+021: SECURITY FIX: February 23, 2003
All architectures
-A potential buffer overflow in the DNS resolver has been found.
-
-A source code patch exists which remedies this problem.
+In
+ssl(8) an information leak can occur via timing by performing a MAC computation
+even if incorrect block cipher padding has been found, this is a
+countermeasure. Also, check for negative sizes in memory allocation routines.
+
+A source code patch exists which fixes these two issues.
-
-
-006: SECURITY FIX: June 24, 2002
+
+
-
+022: SECURITY FIX: March 3, 2003
All architectures
-All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
-error that can result in an integer overflow and privilege escalation.
-This problem is fixed in OpenSSH
-3.4, and a patch for the vulnerable releases is available as part of the
-security advisory.
+A buffer overflow in the envelope comments processing in
+sendmail(8)
+may allow an attacker to gain root privileges.
+
+A source code patch exists which remedies this problem.
-
-
-005: SECURITY FIX: June 19, 2002
+
+
-
+023: SECURITY FIX: March 5, 2003
All architectures
-A buffer overflow can occur during the interpretation of chunked
-encoding in the http daemon, leading to possible remote crash or exploit.
-
+A fix for an
+lprm(1)
+bug made in 1996 contains an error that could lead to privilege escalation.
+
+
A source code patch exists which remedies this problem.
-
-
-004: SECURITY FIX: May 22, 2002
+
+
-
+024: SECURITY FIX: March 18, 2003
All architectures
-Under certain conditions, on systems using YP with netgroups in the
-password database, it is possible that
-sshd(8)
-does ACL checks for the requested user name but uses the password
-database entry of a different user for authentication. This means
-that denied users might authenticate successfully while permitted
-users could be locked out.
-
+Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
+
+
A source code patch exists which remedies this problem.
-
-
-003: SECURITY FIX: May 8, 2002
+
+
-
+025: SECURITY FIX: March 19, 2003
All architectures
-A race condition exists where an attacker could fill the file descriptor
-table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
-setuid or setgid process.
-
+OpenSSL is vulnerable to an extension of the "Bleichenbacher" attack designed
+by Czech researchers Klima, Pokorny and Rosa.
+
+
A source code patch exists which remedies this problem.
-
-
-002: SECURITY FIX: April 25, 2002
+
+
-
+026: SECURITY FIX: March 24, 2003
All architectures
-A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
-
+The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
+on Kerberos v5 as well.
+
+
A source code patch exists which remedies this problem.
-
-
-001: SECURITY FIX: April 22, 2002
+
+
-
+027: SECURITY FIX: March 31, 2003
All architectures
-A local user can gain super-user privileges due to a buffer overflow
-in sshd(8)
-if AFS has been configured on the system or if
-KerberosTgtPassing or AFSTokenPassing has been enabled
-in the sshd_config file. Ticket and token passing is not enabled
-by default.
-
+A buffer overflow in the address parsing in
+sendmail(8)
+may allow an attacker to gain root privileges.
+
A source code patch exists which remedies this problem.
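Review bot: Entry 021 is re-added with a run-on sentence, "even if incorrect block cipher padding has been found, this is a countermeasure", which leaves it unclear whether performing the MAC computation is the leak or the fix. Splitting it would remove the ambiguity, for example by stating the timing leak first and then that the MAC is now computed even when the padding is incorrect, as a countermeasure. Entries 023 through 026 also add two blank lines before "A source code patch exists which remedies this problem." where the other re-added entries add one. If that is not deliberate in the markup, normalise it while the entries are being reordered.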