Return to errata31.html CVS log | Up to [local] / www |
version 1.6, 2002/10/22 13:53:27 | version 1.7, 2002/11/06 23:37:17 | ||
---|---|---|---|
|
|
||
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=kernresource></a> | |||
<li><font color=#009000><strong>018: SECURITY FIX: November 6, 2002</strong></font><br> | |||
Incorrect argument checking in the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrlimit&sektion=2">getrlimit(2)</a> | |||
system call may allow an attacker to crash the kernel.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch">A | |||
source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=smrsh></a> | |||
<li><font color=#009000><strong>017: SECURITY FIX: November 6, 2002</strong></font><br> | |||
An attacker can bypass the restrictions imposed by sendmail's restricted shell, | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>, | |||
and execute arbitrary commands with the privileges of his own account.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/017_smrsh.patch">A | |||
source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=kadmin></a> | <a name=kadmin></a> | ||
<li><font color=#009000><strong>016: SECURITY FIX: October 21, 2002</strong></font><br> | <li><font color=#009000><strong>016: SECURITY FIX: October 21, 2002</strong></font><br> | ||
A buffer overflow can occur in the | A buffer overflow can occur in the |