Return to plus.html CVS log | Up to [local] / www |
version 1.860, 2003/02/22 23:59:25 | version 1.861, 2003/02/25 01:56:00 | ||
---|---|---|---|
|
|
||
<p> | <p> | ||
<ul> | <ul> | ||
<li><font color="#e00000"><strong>SECURITY FIX: February 25, 2003: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</strong></font><br> | |||
<a href="errata.html#httpd">A source code patch is available</a>.<br> | |||
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> | |||
<li>Fix a null deref triggered by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>. | <li>Fix a null deref triggered by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>. | ||
<!-- ^ 20030220 --> | <!-- ^ 20030220 --> | ||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. |