| version 1.64, 2016/02/20 14:18:42 |
version 1.65, 2016/03/21 05:46:20 |
|
|
| <font color="#009000"><strong>022: SECURITY FIX: May 5, 2004</strong></font> |
<font color="#009000"><strong>022: SECURITY FIX: May 5, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Pathname validation problems have been found in |
Pathname validation problems have been found in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">cvs(1)</a>, |
<a href="http://man.openbsd.org?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">cvs(1)</a>, |
| allowing malicious clients to create files outside the repository, allowing |
allowing malicious clients to create files outside the repository, allowing |
| malicious servers to overwrite files outside the local CVS tree on |
malicious servers to overwrite files outside the local CVS tree on |
| the client and allowing clients to check out files outside the CVS |
the client and allowing clients to check out files outside the CVS |
|
|
| <font color="#009000"><strong>021: RELIABILITY FIX: March 17, 2004</strong></font> |
<font color="#009000"><strong>021: RELIABILITY FIX: March 17, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A missing check for a NULL-pointer dereference has been found in |
A missing check for a NULL-pointer dereference has been found in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">ssl(3)</a>. |
<a href="http://man.openbsd.org?query=ssl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">ssl(3)</a>. |
| A remote attacker can use the bug to cause an OpenSSL application to crash; |
A remote attacker can use the bug to cause an OpenSSL application to crash; |
| this may lead to a denial of service. |
this may lead to a denial of service. |
| <br> |
<br> |
|
|
| <font color="#009000"><strong>020: RELIABILITY FIX: March 17, 2004</strong></font> |
<font color="#009000"><strong>020: RELIABILITY FIX: March 17, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Defects in the payload validation and processing functions of |
Defects in the payload validation and processing functions of |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://man.openbsd.org?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
| have been discovered. An attacker could send malformed ISAKMP messages and |
have been discovered. An attacker could send malformed ISAKMP messages and |
| cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
| and removes some memory leaks. |
and removes some memory leaks. |
|
|
| <font color="#009000"><strong>019: SECURITY FIX: March 13, 2004</strong></font> |
<font color="#009000"><strong>019: SECURITY FIX: March 13, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Due to a bug in the parsing of Allow/Deny rules for |
Due to a bug in the parsing of Allow/Deny rules for |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)'s</a> |
<a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)'s</a> |
| access module, using IP addresses without a netmask on big endian 64-bit |
access module, using IP addresses without a netmask on big endian 64-bit |
| platforms causes the rules to fail to match. This only affects sparc64. |
platforms causes the rules to fail to match. This only affects sparc64. |
| <br> |
<br> |
|
|
| <font color="#009000"><strong>015: SECURITY FIX: February 5, 2004</strong></font> |
<font color="#009000"><strong>015: SECURITY FIX: February 5, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A reference counting bug exists in the |
A reference counting bug exists in the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shmat&apropos=0&sektion=2&manpath=OpenBSD+Current&format=html">shmat(2)</a> |
<a href="http://man.openbsd.org?query=shmat&apropos=0&sektion=2&manpath=OpenBSD+Current&format=html">shmat(2)</a> |
| system call that could be used by an attacker to write to kernel memory |
system call that could be used by an attacker to write to kernel memory |
| under certain circumstances. |
under certain circumstances. |
| <br> |
<br> |
|
|
| <font color="#009000"><strong>014: SECURITY FIX: January 15, 2004</strong></font> |
<font color="#009000"><strong>014: SECURITY FIX: January 15, 2004</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Several message handling flaws in |
Several message handling flaws in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://man.openbsd.org?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
| have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An improper bounds check makes it possible for a local user to cause a crash |
An improper bounds check makes it possible for a local user to cause a crash |
| by passing the |
by passing the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semctl&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semctl(2)</a> and |
<a href="http://man.openbsd.org?query=semctl&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semctl(2)</a> and |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
<a href="http://man.openbsd.org?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
| certain arguments. |
certain arguments. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
|
|
| <font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font> |
<font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| It is possible for a local user to cause a crash via |
It is possible for a local user to cause a crash via |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
<a href="http://man.openbsd.org?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
|
|
| <i>i386 only</i><br> |
<i>i386 only</i><br> |
| It is possible for a local user to execute arbitrary code resulting in escalation of |
It is possible for a local user to execute arbitrary code resulting in escalation of |
| privileges due to a stack overrun in |
privileges due to a stack overrun in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
<a href="http://man.openbsd.org?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt> |
A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt> |
| file can crash |
file can crash |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> |
<a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> |
| or potentially run arbitrary code as the user <tt>www</tt> (although it |
or potentially run arbitrary code as the user <tt>www</tt> (although it |
| is believed that ProPolice will prevent code execution). |
is believed that ProPolice will prevent code execution). |
| <br> |
<br> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The use of certain ASN.1 encodings or malformed public keys may allow an |
The use of certain ASN.1 encodings or malformed public keys may allow an |
| attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
<a href="http://man.openbsd.org?query=ssl&sektion=3">ssl(3)</a>. |
| This does not affect OpenSSH.<br> |
This does not affect OpenSSH.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font> |
<font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>. |
| At least one of them could be used to panic pf with active scrub rules remotely.<br> |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font> |
<font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
<a href="http://man.openbsd.org?query=sendmail&sektion=8">sendmail(8)</a> |
| may allow an attacker to gain root privileges.<br> |
may allow an attacker to gain root privileges.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font> |
<font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An improper bounds check in the |
An improper bounds check in the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
<a href="http://man.openbsd.org?query=semget&sektion=2">semget(2)</a> |
| system call can allow a local user to cause a kernel panic.<br> |
system call can allow a local user to cause a kernel panic.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font> |
<font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An off-by-one error exists in the C library function |
An off-by-one error exists in the C library function |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>. |
<a href="http://man.openbsd.org?query=realpath&sektion=3">realpath(3)</a>. |
| Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
| it is possible that this bug may allow an attacker to gain escalated privileges |
it is possible that this bug may allow an attacker to gain escalated privileges |
| on OpenBSD.<br> |
on OpenBSD.<br> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www