-022: SECURITY FIX: May 5, 2004
+022: SECURITY FIX: May 5, 2004All architectures
Pathname validation problems have been found in
cvs(1),
@@ -100,7 +98,7 @@
A source code patch exists which remedies this problem.
-021: RELIABILITY FIX: March 17, 2004
+021: RELIABILITY FIX: March 17, 2004All architectures
A missing check for a NULL-pointer dereference has been found in
ssl(3).
@@ -111,7 +109,7 @@
A source code patch exists which remedies this problem.
-020: RELIABILITY FIX: March 17, 2004
+020: RELIABILITY FIX: March 17, 2004All architectures
Defects in the payload validation and processing functions of
isakmpd(8)
@@ -123,7 +121,7 @@
A source code patch exists which remedies this problem.
-019: SECURITY FIX: March 13, 2004
+019: SECURITY FIX: March 13, 2004All architectures
Due to a bug in the parsing of Allow/Deny rules for
httpd(8)'s
@@ -134,7 +132,7 @@
A source code patch exists which remedies this problem.
-018: RELIABILITY FIX: March 8, 2004
+018: RELIABILITY FIX: March 8, 2004All architectures
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
TCP segments are queued in the system. An attacker could
@@ -145,7 +143,7 @@
A source code patch exists which remedies this problem.
-017: RELIABILITY FIX: February 14, 2004
+017: RELIABILITY FIX: February 14, 2004All architectures
Several buffer overflows exist in the code parsing
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
@@ -155,7 +153,7 @@
A source code patch exists which remedies this problem.
-016: SECURITY FIX: February 8, 2004
+016: SECURITY FIX: February 8, 2004All architectures
An IPv6 MTU handling problem exists that could be used by an attacker
to cause a denial of service attack against hosts with reachable IPv6
@@ -165,7 +163,7 @@
A source code patch exists which remedies this problem.
-015: SECURITY FIX: February 5, 2004
+015: SECURITY FIX: February 5, 2004All architectures
A reference counting bug exists in the
shmat(2)
@@ -176,7 +174,7 @@
A source code patch exists which remedies this problem.
-014: SECURITY FIX: January 15, 2004
+014: SECURITY FIX: January 15, 2004All architectures
Several message handling flaws in
isakmpd(8)
@@ -186,7 +184,7 @@
A source code patch exists which remedies this problem.
-013: RELIABILITY FIX: November 20, 2003
+013: RELIABILITY FIX: November 20, 2003All architectures
An improper bounds check makes it possible for a local user to cause a crash
by passing the
@@ -198,7 +196,7 @@
A source code patch exists which remedies this problem.
-012: RELIABILITY FIX: November 20, 2003
+012: RELIABILITY FIX: November 20, 2003All architectures
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
@@ -206,8 +204,7 @@
A source code patch exists which remedies this problem.
-
-011: SECURITY FIX: November 17, 2003
+011: SECURITY FIX: November 17, 2003i386 only
It is possible for a local user to execute arbitrary code resulting in escalation of
privileges due to a stack overrun in
@@ -216,7 +213,7 @@
A source code patch exists which remedies this problem.
-010: RELIABILITY FIX: November 4, 2003
+010: RELIABILITY FIX: November 4, 2003All architectures
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
@@ -224,19 +221,19 @@
A source code patch exists which remedies this problem.
-009: RELIABILITY FIX: October 29, 2003
+009: RELIABILITY FIX: October 29, 2003All architectures
-A user with write permission to httpd.conf or a .htaccess
+A user with write permission to httpd.conf or a .htaccess
file can crash
httpd(8)
-or potentially run arbitrary code as the user www (although it
+or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
A source code patch exists which remedies this problem.
-008: RELIABILITY FIX: October 1, 2003
+008: RELIABILITY FIX: October 1, 2003All architectures
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
@@ -244,7 +241,7 @@
A source code patch exists which remedies this problem.
-007: SECURITY FIX: October 1, 2003
+007: SECURITY FIX: October 1, 2003All architectures
The use of certain ASN.1 encodings or malformed public keys may allow an
attacker to mount a denial of service attack against applications linked with
@@ -254,7 +251,7 @@
A source code patch exists which remedies this problem.
-006: SECURITY FIX: September 24, 2003
+006: SECURITY FIX: September 24, 2003All architectures
Three cases of potential access to freed memory have been found in
pf(4).
@@ -263,7 +260,7 @@
A source code patch exists which remedies this problem.
-005: SECURITY FIX: September 17, 2003
+005: SECURITY FIX: September 17, 2003All architectures
A buffer overflow in the address parsing in
sendmail(8)
@@ -274,7 +271,7 @@
problem.
-004: SECURITY FIX: September 16, 2003
+004: SECURITY FIX: September 16, 2003All architectures
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
It is unclear whether or not this bug is exploitable.
@@ -284,7 +281,7 @@
problem.
-003: SECURITY FIX: September 10, 2003
+003: SECURITY FIX: September 10, 2003All architectures
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
@@ -292,7 +289,7 @@
A source code patch exists which remedies this problem.
-002: RELIABILITY FIX: August 20, 2003
+002: RELIABILITY FIX: August 20, 2003All architectures
An improper bounds check in the
semget(2)
@@ -301,7 +298,7 @@
A source code patch exists which remedies this problem.
-001: SECURITY FIX: August 4, 2003
+001: SECURITY FIX: August 4, 2003All architectures
An off-by-one error exists in the C library function
realpath(3).
@@ -315,6 +312,3 @@