Return to plus.html CVS log | Up to [local] / www |
version 1.925, 2004/05/30 16:23:12 | version 1.926, 2004/06/03 23:38:49 | ||
---|---|---|---|
<a href="errata.html#cvs2">A source code patch is available</a>.<br> | <a href="errata.html#cvs2">A source code patch is available</a>.<br> | ||
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | ||
<li>Allow symbolic service- and protocol names in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, so e.g. "Protocol=tcp" now works. | <li>Allow symbolic service- and protocol names in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, so e.g. "Protocol=tcp" now works. | ||
<li>Fix a cross-realm trust vulnerability in Kerberos V. Adapted from FreeBSD.<br> | <li><font color="#e00000"><strong>SECURITY FIX: A flaw in the Kerberos V <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc&sektion=8">kdc(8)</a> server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm.</strong></font> The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">Heimdal's announcement</a>.<br> | ||
<a href="errata.html#kerberos">A source code patch is available</a>.<br> | |||
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | ||
<li>Add word boundary tests to the regexes that find @-commands in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> etc. packing lists. | <li>Add word boundary tests to the regexes that find @-commands in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> etc. packing lists. | ||
<li>Fix SIGINT handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>. | <li>Fix SIGINT handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>. |
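
Review bot: The rewritten Kerberos V entry in the 1.926 column drops the "Adapted from FreeBSD" credit that the 1.925 wording carried; if the fix still derives from FreeBSD's change, keep that attribution after the link to Heimdal's announcement. The new errata.html#kerberos link should be checked against an anchor of that name in errata.html, since the neighbouring entry points at #cvs2 and a missing anchor would land readers at the top of the errata page without any error. The bold sentence would also read more directly as "could allow the administrator of a Kerberos realm to impersonate any principal in any other realm that has established a cross-realm trust with their realm".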