version 1.3, 2003/11/04 16:01:21 |
version 1.4, 2003/11/10 04:58:33 |
|
|
<li><font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
<li><font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<a name=httpd></a> |
<a name=httpd></a> |
<li><font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
<li><font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
|
|
or potentially run arbitrary code as the user <tt>www</tt> (although it |
or potentially run arbitrary code as the user <tt>www</tt> (although it |
is believed that ProPolice will prevent code execution). |
is believed that ProPolice will prevent code execution). |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<a name=arp></a> |
<a name=arp></a> |
<li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
<li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
requests.<br> |
requests.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<a name=asn1></a> |
<a name=asn1></a> |
<li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
<li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
|
|
attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
This does not affect OpenSSH.<br> |
This does not affect OpenSSH.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<a name=pfnorm></a> |
<a name=pfnorm></a> |
<li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
<li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<a name=sendmail></a> |
<a name=sendmail></a> |
<li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
<li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
may allow an attacker to gain root privileges.<br> |
may allow an attacker to gain root privileges.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
|
A source code patch exists which remedies the problem</a>.<br> |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
problem. |
problem. |
<p> |
<p> |
|
|
<li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
<li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
an integer overflow when the semaphore limits are made very large.<br> |
an integer overflow when the semaphore limits are made very large.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
<a name=semget></a> |
<a name=semget></a> |
<li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
<li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
An improper bounds check in the |
An improper bounds check in the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
system call can allow a local user to cause a kernel panic.<br> |
system call can allow a local user to cause a kernel panic.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<a name=realpath></a> |
<a name=realpath></a> |
<p> |
<p> |
<li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
<li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
|
|
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
it is possible that this bug may allow an attacker to gain escalated privileges |
it is possible that this bug may allow an attacker to gain escalated privileges |
on OpenBSD.<br> |
on OpenBSD.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
</ul> |
</ul> |
<p> |
<p> |