===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** www/errata33.html 2003/11/04 16:01:21 1.3
--- www/errata33.html 2003/11/10 04:58:33 1.4
***************
*** 59,65 ****
010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
! A source code patch exists which remedies the problem.
009: RELIABILITY FIX: October 29, 2003
--- 59,66 ----
010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
!
! A source code patch exists which remedies the problem.
009: RELIABILITY FIX: October 29, 2003
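Review bot: Entry 010 still does not name the patch file, so the sentence "A source code patch exists which remedies the problem." gives a reader of the rendered text nothing to search for. The only change on the new side is an extra line ahead of that sentence, which shows as empty in this view. If it is a layout break, consider also putting the patch name in the link text so the entry is usable when the markup is stripped.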
***************
*** 69,81 ****
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
! A source code patch exists which remedies the problem.
008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
! A source code patch exists which remedies the problem.
007: SECURITY FIX: October 1, 2003
--- 70,84 ----
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
!
! A source code patch exists which remedies the problem.
008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
!
! A source code patch exists which remedies the problem.
007: SECURITY FIX: October 1, 2003
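Review bot: In entry 008 (unchanged context here), "local user" reads ambiguously next to "flooding it with spoofed ARP requests": it could mean a user logged in to the machine or a host on the same network segment. Since this hunk already touches the entry, a wording pass that says which one is meant would help administrators judge exposure. The change to the two patch lines themselves looks mechanical and consistent with the 010 entry.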
***************
*** 83,103 ****
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
! A source code patch exists which remedies the problem.
006: SECURITY FIX: September 24, 2003
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
! A source code patch exists which remedies the problem.
005: SECURITY FIX: September 17, 2003
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
--- 86,109 ----
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
!
! A source code patch exists which remedies the problem.
006: SECURITY FIX: September 24, 2003
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
!
! A source code patch exists which remedies the problem.
005: SECURITY FIX: September 17, 2003
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
!
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
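Review bot: The 005 note "this is the second revision of the patch that fixes an additional problem" gives neither the date of the second revision nor what the additional problem is, so someone who applied the first sendmail(8) patch cannot tell whether they need to re-apply. Suggest adding the revision date to the note while the entry is being edited. The three patch-line changes in this hunk match the pattern used for 010, 009 and 008.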
***************
*** 114,129 ****
003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
! A
! source code patch exists which remedies the problem.
002: RELIABILITY FIX: August 20, 2003
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
! A
! source code patch exists which remedies the problem.
001: SECURITY FIX: August 4, 2003
--- 120,135 ----
003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
!
! A source code patch exists which remedies the problem.
002: RELIABILITY FIX: August 20, 2003
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
!
! A source code patch exists which remedies the problem.
001: SECURITY FIX: August 4, 2003
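Review bot: Style point on entries 003 and 002: the old side split the sentence as "A" / "source code patch exists which remedies the problem." and the new side joins it onto one line, which brings these entries in line with 005 through 010. Worth checking the entries between the hunks (for example 004, which is not shown in this diff) for the same split form so the whole page ends up consistent.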
***************
*** 132,139 ****
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
! A
! source code patch exists which remedies the problem.
--- 138,145 ----
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
!
! A source code patch exists which remedies the problem.
***************
*** 223,229 ****
www@openbsd.org
!
$OpenBSD: errata33.html,v 1.3 2003/11/04 16:01:21 brad Exp $