| version 1.151, 2000/10/26 14:12:08 |
version 1.152, 2000/11/10 21:24:16 |
|
|
| <p> |
<p> |
| </td> |
</td> |
| <td valign="top"> |
<td valign="top"> |
| |
<a href="#28">For 2.8 security advisories</a>.<br> |
| <a href="#27">For 2.7 security advisories</a>.<br> |
<a href="#27">For 2.7 security advisories</a>.<br> |
| <a href="#26">For 2.6 security advisories</a>.<br> |
<a href="#26">For 2.6 security advisories</a>.<br> |
| <a href="#25">For 2.5 security advisories</a>.<br> |
<a href="#25">For 2.5 security advisories</a>.<br> |
|
|
| <dl> |
<dl> |
| |
|
| <li> |
<li> |
| |
<a name=28></a> |
| |
|
| |
<h3><font color=#e00000>OpenBSD 2.8 Security Advisories</font></h3> |
| |
These are the OpenBSD 2.8 advisories -- all these problems are solved |
| |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
| |
OpenBSD 2.7 advisories listed below are fixed in OpenBSD 2.8. |
| |
|
| |
<p> |
| |
<ul> |
| |
<li>No security advisories for 2.8 as of yet. |
| |
|
| |
</ul> |
| |
|
| |
<p> |
| |
<li> |
| <a name=27></a> |
<a name=27></a> |
| |
|
| <h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href=errata.html#xtrans>Oct 26, 2000: |
<li><a href=errata27.html#sshforwarding>Nov 10, 2000: |
| |
Hostile servers can force OpenSSH clients to do agent or X11 forwarding. |
| |
(patch included)</a> |
| |
<li><a href=errata27.html#xtrans>Oct 26, 2000: |
| X11 libraries have 2 potential overflows in xtrans code. |
X11 libraries have 2 potential overflows in xtrans code. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#httpd>Oct 18, 2000: |
<li><a href=errata27.html#httpd>Oct 18, 2000: |
| Apache mod_rewrite and mod_vhost_alias modules could expose files |
Apache mod_rewrite and mod_vhost_alias modules could expose files |
| on the server in certain configurations if used. |
on the server in certain configurations if used. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#format_strings>Oct 10, 2000: |
<li><a href=errata27.html#format_strings>Oct 10, 2000: |
| The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, |
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, |
| TERMPATH and TERMCAP environment variables as it should. |
TERMPATH and TERMCAP environment variables as it should. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#format_strings>Oct 6, 2000: |
<li><a href=errata27.html#format_strings>Oct 6, 2000: |
| There are printf-style format string bugs in several privileged |
There are printf-style format string bugs in several privileged |
| programs. (patch included)</a> |
programs. (patch included)</a> |
| <li><a href=errata.html#curses>Oct 6, 2000: |
<li><a href=errata27.html#curses>Oct 6, 2000: |
| libcurses honored terminal descriptions in the $HOME/.terminfo |
libcurses honored terminal descriptions in the $HOME/.terminfo |
| directory as well as in the TERMCAP environment variable for |
directory as well as in the TERMCAP environment variable for |
| setuid and setgid applications. |
setuid and setgid applications. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#talkd>Oct 6, 2000: |
<li><a href=errata27.html#talkd>Oct 6, 2000: |
| A format string vulnerability exists in talkd(8). |
A format string vulnerability exists in talkd(8). |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#pw_error>Oct 3, 2000: |
<li><a href=errata27.html#pw_error>Oct 3, 2000: |
| A format string vulnerability exists in the pw_error() function of the |
A format string vulnerability exists in the pw_error() function of the |
| libutil library, yielding localhost root through chpass(1). |
libutil library, yielding localhost root through chpass(1). |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#ipsec>Sep 18, 2000: |
<li><a href=errata27.html#ipsec>Sep 18, 2000: |
| Bad ESP/AH packets could cause a crash under certain conditions. |
Bad ESP/AH packets could cause a crash under certain conditions. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#xlock>Aug 16, 2000: |
<li><a href=errata27.html#xlock>Aug 16, 2000: |
| A format string vulnerability (localhost root) exists in xlock(1). |
A format string vulnerability (localhost root) exists in xlock(1). |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#X11_libs>July 14, 2000: |
<li><a href=errata27.html#X11_libs>July 14, 2000: |
| Various bugs found in X11 libraries have various side effects, almost |
Various bugs found in X11 libraries have various side effects, almost |
| completely denial of service in OpenBSD. |
completely denial of service in OpenBSD. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#ftpd>July 5, 2000: |
<li><a href=errata27.html#ftpd>July 5, 2000: |
| Just like pretty much all the other unix ftp daemons |
Just like pretty much all the other unix ftp daemons |
| on the planet, ftpd had a remote root hole in it. |
on the planet, ftpd had a remote root hole in it. |
| Luckily, ftpd was not enabled by default. |
Luckily, ftpd was not enabled by default. |
| The problem exists if anonymous ftp is enabled. |
The problem exists if anonymous ftp is enabled. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#mopd>July 5, 2000: |
<li><a href=errata27.html#mopd>July 5, 2000: |
| Mopd, very rarely used, contained some buffer overflows. |
Mopd, very rarely used, contained some buffer overflows. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#libedit>June 28, 2000: |
<li><a href=errata27.html#libedit>June 28, 2000: |
| libedit would check for a <b>.editrc</b> file in the current |
libedit would check for a <b>.editrc</b> file in the current |
| directory. Not known to be a real security issue, but a patch |
directory. Not known to be a real security issue, but a patch |
| is available anyways. |
is available anyways. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#dhclient>June 24, 2000: |
<li><a href=errata27.html#dhclient>June 24, 2000: |
| A serious bug in dhclient(8) could allow strings from a |
A serious bug in dhclient(8) could allow strings from a |
| malicious dhcp server to be executed in the shell as root. |
malicious dhcp server to be executed in the shell as root. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#isakmpd>June 9, 2000: |
<li><a href=errata27.html#isakmpd>June 9, 2000: |
| A serious bug in isakmpd(8) policy handling wherein |
A serious bug in isakmpd(8) policy handling wherein |
| policy verification could be completely bypassed in isakmpd. |
policy verification could be completely bypassed in isakmpd. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#uselogin>June 6, 2000: |
<li><a href=errata27.html#uselogin>June 6, 2000: |
| The non-default flag UseLogin in <b>/etc/sshd_config</b> is broken, |
The non-default flag UseLogin in <b>/etc/sshd_config</b> is broken, |
| should not be used, and results in security problems on |
should not be used, and results in security problems on |
| other operating systems.</a> |
other operating systems.</a> |
| <li><a href=errata.html#bridge>May 26, 2000: |
<li><a href=errata27.html#bridge>May 26, 2000: |
| The bridge(4) <i>learning</i> flag may be bypassed. |
The bridge(4) <i>learning</i> flag may be bypassed. |
| (patch included)</a> |
(patch included)</a> |
| <li><a href=errata.html#ipf>May 25, 2000: |
<li><a href=errata27.html#ipf>May 25, 2000: |
| Improper use of ipf <i>keep-state</i> rules can result |
Improper use of ipf <i>keep-state</i> rules can result |
| in firewall rules being bypassed. (patch included)</a> |
in firewall rules being bypassed. (patch included)</a> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www