www/errata33.html - diff

Return to errata33.html CVS log

Up to [local] / www

Diff for /www/errata33.html between version 1.39 and 1.40

version 1.39, 2010/03/08 21:53:37

version 1.40, 2010/07/08 19:00:07

Line 54

<hr>

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

Line 79

the client and allowing clients to check out files outside the CVS

repository.

A source code patch exists which remedies this problem</a>.

Line 90

A remote attacker can use the bug to cause an OpenSSL application to crash;

this may lead to a denial of service.

A source code patch exists which remedies this problem</a>.

Line 102

cause isakmpd to crash or to loop endlessly. This patch fixes these problems

and removes some memory leaks.

A source code patch exists which remedies this problem</a>.

Line 113

access module, using IP addresses without a netmask on big endian 64-bit

platforms causes the rules to fail to match. This only affects sparc64.

A source code patch exists which remedies the problem</a>.

Line 124

send out-of-order TCP segments and trick the system into using all

available memory buffers.

A source code patch exists which remedies the problem</a>.

Line 134

font.aliases files in XFree86. Thanks to ProPolice, these cannot be

exploited to gain privileges, but they can cause the X server to abort.

A source code patch exists which remedies the problem</a>.

Line 143

to cause a denial of service attack against hosts with reachable IPv6

TCP ports.

A source code patch exists which remedies the problem</a>.

Line 153

system call that could be used by an attacker to write to kernel memory

under certain circumstances.

A source code patch exists which remedies the problem</a>.

Line 162

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a>

have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.

A source code patch exists which remedies these problems</a>.

Line 173

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions

certain arguments.

A source code patch exists which remedies the problem</a>.

012: RELIABILITY FIX: November 20, 2003

It is possible for a local user to cause a crash via

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.

A source code patch exists which remedies the problem</a>.

010: RELIABILITY FIX: November 4, 2003

It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.

A source code patch exists which remedies the problem</a>.

Line 198

or potentially run arbitrary code as the user <tt>www</tt> (although it

is believed that ProPolice will prevent code execution).

A source code patch exists which remedies the problem</a>.

008: RELIABILITY FIX: October 1, 2003

It is possible for a local user to cause a system panic by flooding it with spoofed ARP

requests.

A source code patch exists which remedies the problem</a>.

Line 214

attacker to mount a denial of service attack against applications linked with

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>.

This does not affect OpenSSH.

A source code patch exists which remedies the problem</a>.

Line 222

Three cases of potential access to freed memory have been found in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.

At least one of them could be used to panic pf with active scrub rules remotely.

A source code patch exists which remedies the problem</a>.

Line 230

A buffer overflow in the address parsing in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>

may allow an attacker to gain root privileges.

A source code patch exists which remedies the problem</a>.

NOTE: this is the second revision of the patch that fixes an additional

problem.

Line 239

004: SECURITY FIX: September 16, 2003

All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.

It is unclear whether or not this bug is exploitable.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A

source code patch exists which remedies the problem</a>.

NOTE: this is the second revision of the patch that fixes an additional

problem.

Line 248

003: SECURITY FIX: September 10, 2003

Root may be able to reduce the security level by taking advantage of

an integer overflow when the semaphore limits are made very large.

A source code patch exists which remedies the problem</a>.

Line 256

An improper bounds check in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a>

system call can allow a local user to cause a kernel panic.

A source code patch exists which remedies the problem</a>.

Line 266

Since this same bug resulted in a root compromise in the wu-ftpd ftp server

it is possible that this bug may allow an attacker to gain escalated privileges

on OpenBSD.

A source code patch exists which remedies the problem</a>.

</ul>

Line 279

It is possible for a local user to execute arbitrary code resulting in escalation of

privileges due to a stack overrun in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.

A source code patch exists which remedies the problem</a>.

</ul>