www/errata37.html - diff

Return to errata37.html CVS log

Up to [local] / www

Diff for /www/errata37.html between version 1.66 and 1.67

version 1.66, 2019/04/02 12:46:57

version 1.67, 2019/05/27 22:55:19

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 3.7 Errata</title>

</head>

<!--

IMPORTANT REMINDER

IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE

-->

<h2>

OpenBSD</a>

OpenBSD</a>

3.7 Errata

3.7 Errata

</h2>

<hr>

Line 88

Line 86

<ul>

013: SECURITY FIX: May 2, 2006

013: SECURITY FIX: May 2, 2006

All architectures

A security vulnerability has been found in the X.Org server --

A security vulnerability has been found in the X.Org server –

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526">CVE-2006-1526</a>.

Clients authorized to connect to the X server are able to crash it and to execute

malicious code within the X server.

Line 100

Line 98

012: SECURITY FIX: March 25, 2006

012: SECURITY FIX: March 25, 2006

All architectures

A race condition has been reported to exist in the handling by sendmail of

asynchronous signals. A remote attacker may be able to execute arbitrary code with the

Line 111

Line 109

011: SECURITY FIX: February 12, 2006

011: SECURITY FIX: February 12, 2006

All architectures

Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the

<a href="https://man.openbsd.org/OpenBSD-3.7/system.3">system(3)</a>

Line 126

Line 124

010: RELIABILITY FIX: January 13, 2006

010: RELIABILITY FIX: January 13, 2006

i386 architecture

Constrain

<a href="https://man.openbsd.org/OpenBSD-3.7/i386/i386_set_ioperm.2">i386_set_ioperm(2)</a>

Line 138

Line 136

009: RELIABILITY FIX: January 13, 2006

009: RELIABILITY FIX: January 13, 2006

i386 architecture

Change the implementation of i386 W^X so that the "execute line" can move around.

Before it was limited to being either at 512MB (below which all code normally

Line 154

Line 152

008: SECURITY FIX: January 5, 2006

008: SECURITY FIX: January 5, 2006

All architectures

Do not allow users to trick suid programs into re-opening files via /dev/fd.

Line 163

Line 161

007: SECURITY FIX: January 5, 2006

007: SECURITY FIX: January 5, 2006

All architectures

A buffer overflow has been found in the Perl interpreter with the sprintf function which

may be exploitable under certain conditions.

Line 173

Line 171

006: RELIABILITY FIX: November 5, 2005

006: RELIABILITY FIX: November 5, 2005

All architectures

Due to wrong advertisement of RFC 3947 compliance interoperability problems with

<a href="https://man.openbsd.org/OpenBSD-3.7/isakmpd.8">isakmpd(8)</a>

Line 184

Line 182

005: SECURITY FIX: July 21, 2005

005: SECURITY FIX: July 21, 2005

All architectures

A buffer overflow has been found in

<a href="https://man.openbsd.org/OpenBSD-3.7/compress.3">compress(3)</a>

Line 196

Line 194

004: SECURITY FIX: July 6, 2005

004: SECURITY FIX: July 6, 2005

All architectures

A buffer overflow has been found in

<a href="https://man.openbsd.org/OpenBSD-3.7/compress.3">compress(3)</a>

Line 207

Line 205

003: SECURITY FIX: June 20, 2005

003: SECURITY FIX: June 20, 2005

All architectures

Due to a race condition in its command pathname handling, a user with

privileges may be able to run arbitrary commands if the user's entry

is followed by an entry that grants <tt>sudo ALL</tt> privileges to

is followed by an entry that grants <code>sudo ALL</code> privileges to

another user.

Line 220

Line 218

002: RELIABILITY FIX: June 15, 2005

002: RELIABILITY FIX: June 15, 2005

All architectures

As discovered by Stefan Miltchev calling

<a href="https://man.openbsd.org/OpenBSD-3.7/getsockopt.2">getsockopt(2)</a>

Line 233

Line 231

001: SECURITY FIX: June 7, 2005

001: SECURITY FIX: June 7, 2005

All architectures

Fix a buffer overflow, memory leaks, and NULL pointer dereference in

Line 249

Line 247

</ul>

<hr>

</body>

</html>