version 1.51, 2016/02/20 14:18:42 |
version 1.52, 2016/03/21 05:46:20 |
|
|
<strong>2nd revision, March 17, 2007</strong><br> |
<strong>2nd revision, March 17, 2007</strong><br> |
Incorrect mbuf handling for ICMP6 packets.<br> |
Incorrect mbuf handling for ICMP6 packets.<br> |
Using |
Using |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
<a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> |
to avoid the problem packets is an effective workaround until the patch |
to avoid the problem packets is an effective workaround until the patch |
can be installed.<br> |
can be installed.<br> |
Use "block in inet6" in /etc/pf.conf |
Use "block in inet6" in /etc/pf.conf |
|
|
<font color="#009000"><strong>007: SECURITY FIX: January 3, 2007</strong></font> |
<font color="#009000"><strong>007: SECURITY FIX: January 3, 2007</strong></font> |
<i>i386 only</i><br> |
<i>i386 only</i><br> |
Insufficient validation in |
Insufficient validation in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> |
<a href="http://man.openbsd.org?query=vga&sektion=4">vga(4)</a> |
may allow an attacker to gain root privileges if the kernel is compiled with |
may allow an attacker to gain root privileges if the kernel is compiled with |
<tt>option PCIAGP</tt> |
<tt>option PCIAGP</tt> |
and the actual device is not an AGP device. |
and the actual device is not an AGP device. |
|
|
<font color="#009000"><strong>005: SECURITY FIX: November 19, 2006</strong></font> |
<font color="#009000"><strong>005: SECURITY FIX: November 19, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The ELF |
The ELF |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> |
<a href="http://man.openbsd.org?query=ld.so&sektion=1">ld.so(1)</a> |
fails to properly sanitize the environment. There is a potential localhost security |
fails to properly sanitize the environment. There is a potential localhost security |
problem in cases we have not found yet. This patch applies to all ELF-based |
problem in cases we have not found yet. This patch applies to all ELF-based |
systems (m68k, m88k, and vax are a.out-based systems). |
systems (m68k, m88k, and vax are a.out-based systems). |
|
|
<font color="#009000"><strong>004: RELIABILITY FIX: November 7, 2006</strong></font> |
<font color="#009000"><strong>004: RELIABILITY FIX: November 7, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Due to a bug in the |
Due to a bug in the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc&sektion=4">arc(4)</a> |
<a href="http://man.openbsd.org?query=arc&sektion=4">arc(4)</a> |
RAID driver the driver will not properly synchronize the cache to the logical volumes |
RAID driver the driver will not properly synchronize the cache to the logical volumes |
upon system shut down. The result being that the mounted file systems within the logical |
upon system shut down. The result being that the mounted file systems within the logical |
volumes will not be properly marked as being clean and fsck will be run for the subsequent |
volumes will not be properly marked as being clean and fsck will be run for the subsequent |
|
|
<font color="#009000"><strong>003: SECURITY FIX: November 4, 2006</strong></font> |
<font color="#009000"><strong>003: SECURITY FIX: November 4, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Fix for an integer overflow in |
Fix for an integer overflow in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'s |
<a href="http://man.openbsd.org?query=systrace&sektion=4">systrace(4)</a>'s |
STRIOCREPLACE support, found by |
STRIOCREPLACE support, found by |
Chris Evans. This could be exploited for DoS, limited kmem reads or local |
Chris Evans. This could be exploited for DoS, limited kmem reads or local |
privilege escalation. |
privilege escalation. |
|
|
<li id="httpd"> |
<li id="httpd"> |
<font color="#009000"><strong>001: SECURITY FIX: November 4, 2006</strong></font> |
<font color="#009000"><strong>001: SECURITY FIX: November 4, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> |
<a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> |
does not sanitize the Expect header from an HTTP request when it is |
does not sanitize the Expect header from an HTTP request when it is |
reflected back in an error message, which might allow cross-site scripting (XSS) |
reflected back in an error message, which might allow cross-site scripting (XSS) |
style attacks. |
style attacks. |