===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v
retrieving revision 1.51
retrieving revision 1.52
diff -c -r1.51 -r1.52
*** www/errata37.html 2016/03/21 05:46:20 1.51
--- www/errata37.html 2016/03/22 10:54:42 1.52
***************
*** 111,122 ****
011: SECURITY FIX: February 12, 2006
All architectures
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
! system(3)
function in
! scp(1)
when performing copy operations using filenames that are supplied by the user from the command line.
This can be exploited to execute shell commands with privileges of the user running
! scp(1).
A source code patch exists which remedies this problem.
--- 111,122 ----
011: SECURITY FIX: February 12, 2006
All architectures
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
! system(3)
function in
! scp(1)
when performing copy operations using filenames that are supplied by the user from the command line.
This can be exploited to execute shell commands with privileges of the user running
! scp(1).
A source code patch exists which remedies this problem.
***************
*** 126,132 ****
010: RELIABILITY FIX: January 13, 2006
i386 architecture
Constrain
! i386_set_ioperm(2)
so even root is blocked from accessing the ioports
unless the machine is running at lower securelevels or with an open X11 aperture.
--- 126,132 ----
010: RELIABILITY FIX: January 13, 2006
i386 architecture
Constrain
! i386_set_ioperm(2)
so even root is blocked from accessing the ioports
unless the machine is running at lower securelevels or with an open X11 aperture.
***************
*** 140,148 ****
Change the implementation of i386 W^X so that the "execute line" can move around.
Before it was limited to being either at 512MB (below which all code normally
lands) or at the top of the stack. Now the line can float as
! mprotect(2)
and
! mmap(2)
requests need it to. This is now implemented using only GDT selectors
instead of the LDT so that it is more robust as well.
--- 140,148 ----
Change the implementation of i386 W^X so that the "execute line" can move around.
Before it was limited to being either at 512MB (below which all code normally
lands) or at the top of the stack. Now the line can float as
! mprotect(2)
and
! mmap(2)
requests need it to. This is now implemented using only GDT selectors
instead of the LDT so that it is more robust as well.
***************
*** 173,179 ****
006: RELIABILITY FIX: November 5, 2005
All architectures
Due to wrong advertisement of RFC 3947 compliance interoperability problems with
! isakmpd(8)
may occur.
--- 173,179 ----
006: RELIABILITY FIX: November 5, 2005
All architectures
Due to wrong advertisement of RFC 3947 compliance interoperability problems with
! isakmpd(8)
may occur.
***************
*** 184,190 ****
005: SECURITY FIX: July 21, 2005
All architectures
A buffer overflow has been found in
! compress(3)
which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
--- 184,190 ----
005: SECURITY FIX: July 21, 2005
All architectures
A buffer overflow has been found in
! compress(3)
which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
***************
*** 196,202 ****
004: SECURITY FIX: July 6, 2005
All architectures
A buffer overflow has been found in
! compress(3)
which may be exploitable.
--- 196,202 ----
004: SECURITY FIX: July 6, 2005
All architectures
A buffer overflow has been found in
! compress(3)
which may be exploitable.
***************
*** 207,213 ****
003: SECURITY FIX: June 20, 2005
All architectures
Due to a race condition in its command pathname handling, a user with
! sudo(8)
privileges may be able to run arbitrary commands if the user's entry
is followed by an entry that grants sudo ALL privileges to
another user.
--- 207,213 ----
003: SECURITY FIX: June 20, 2005
All architectures
Due to a race condition in its command pathname handling, a user with
! sudo(8)
privileges may be able to run arbitrary commands if the user's entry
is followed by an entry that grants sudo ALL privileges to
another user.
***************
*** 220,228 ****
002: RELIABILITY FIX: June 15, 2005
All architectures
As discovered by Stefan Miltchev calling
! getsockopt(2)
to get
! ipsec(4)
credentials for a socket can result in a kernel panic.
--- 220,228 ----
002: RELIABILITY FIX: June 15, 2005
All architectures
As discovered by Stefan Miltchev calling
! getsockopt(2)
to get
! ipsec(4)
credentials for a socket can result in a kernel panic.
***************
*** 234,240 ****
All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
. None of these issues are known to be exploitable.
CAN-2005-0753
.
--- 234,240 ----
All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
. None of these issues are known to be exploitable.
CAN-2005-0753
.