version 1.151, 2000/10/26 14:12:08 |
version 1.152, 2000/11/10 21:24:16 |
|
|
<p> |
<p> |
</td> |
</td> |
<td valign="top"> |
<td valign="top"> |
|
<a href="#28">For 2.8 security advisories</a>.<br> |
<a href="#27">For 2.7 security advisories</a>.<br> |
<a href="#27">For 2.7 security advisories</a>.<br> |
<a href="#26">For 2.6 security advisories</a>.<br> |
<a href="#26">For 2.6 security advisories</a>.<br> |
<a href="#25">For 2.5 security advisories</a>.<br> |
<a href="#25">For 2.5 security advisories</a>.<br> |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
|
<a name=28></a> |
|
|
|
<h3><font color=#e00000>OpenBSD 2.8 Security Advisories</font></h3> |
|
These are the OpenBSD 2.8 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
OpenBSD 2.7 advisories listed below are fixed in OpenBSD 2.8. |
|
|
|
<p> |
|
<ul> |
|
<li>No security advisories for 2.8 as of yet. |
|
|
|
</ul> |
|
|
|
<p> |
|
<li> |
<a name=27></a> |
<a name=27></a> |
|
|
<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href=errata.html#xtrans>Oct 26, 2000: |
<li><a href=errata27.html#sshforwarding>Nov 10, 2000: |
|
Hostile servers can force OpenSSH clients to do agent or X11 forwarding. |
|
(patch included)</a> |
|
<li><a href=errata27.html#xtrans>Oct 26, 2000: |
X11 libraries have 2 potential overflows in xtrans code. |
X11 libraries have 2 potential overflows in xtrans code. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#httpd>Oct 18, 2000: |
<li><a href=errata27.html#httpd>Oct 18, 2000: |
Apache mod_rewrite and mod_vhost_alias modules could expose files |
Apache mod_rewrite and mod_vhost_alias modules could expose files |
on the server in certain configurations if used. |
on the server in certain configurations if used. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#format_strings>Oct 10, 2000: |
<li><a href=errata27.html#format_strings>Oct 10, 2000: |
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, |
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, |
TERMPATH and TERMCAP environment variables as it should. |
TERMPATH and TERMCAP environment variables as it should. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#format_strings>Oct 6, 2000: |
<li><a href=errata27.html#format_strings>Oct 6, 2000: |
There are printf-style format string bugs in several privileged |
There are printf-style format string bugs in several privileged |
programs. (patch included)</a> |
programs. (patch included)</a> |
<li><a href=errata.html#curses>Oct 6, 2000: |
<li><a href=errata27.html#curses>Oct 6, 2000: |
libcurses honored terminal descriptions in the $HOME/.terminfo |
libcurses honored terminal descriptions in the $HOME/.terminfo |
directory as well as in the TERMCAP environment variable for |
directory as well as in the TERMCAP environment variable for |
setuid and setgid applications. |
setuid and setgid applications. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#talkd>Oct 6, 2000: |
<li><a href=errata27.html#talkd>Oct 6, 2000: |
A format string vulnerability exists in talkd(8). |
A format string vulnerability exists in talkd(8). |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#pw_error>Oct 3, 2000: |
<li><a href=errata27.html#pw_error>Oct 3, 2000: |
A format string vulnerability exists in the pw_error() function of the |
A format string vulnerability exists in the pw_error() function of the |
libutil library, yielding localhost root through chpass(1). |
libutil library, yielding localhost root through chpass(1). |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#ipsec>Sep 18, 2000: |
<li><a href=errata27.html#ipsec>Sep 18, 2000: |
Bad ESP/AH packets could cause a crash under certain conditions. |
Bad ESP/AH packets could cause a crash under certain conditions. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#xlock>Aug 16, 2000: |
<li><a href=errata27.html#xlock>Aug 16, 2000: |
A format string vulnerability (localhost root) exists in xlock(1). |
A format string vulnerability (localhost root) exists in xlock(1). |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#X11_libs>July 14, 2000: |
<li><a href=errata27.html#X11_libs>July 14, 2000: |
Various bugs found in X11 libraries have various side effects, almost |
Various bugs found in X11 libraries have various side effects, almost |
completely denial of service in OpenBSD. |
completely denial of service in OpenBSD. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#ftpd>July 5, 2000: |
<li><a href=errata27.html#ftpd>July 5, 2000: |
Just like pretty much all the other unix ftp daemons |
Just like pretty much all the other unix ftp daemons |
on the planet, ftpd had a remote root hole in it. |
on the planet, ftpd had a remote root hole in it. |
Luckily, ftpd was not enabled by default. |
Luckily, ftpd was not enabled by default. |
The problem exists if anonymous ftp is enabled. |
The problem exists if anonymous ftp is enabled. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#mopd>July 5, 2000: |
<li><a href=errata27.html#mopd>July 5, 2000: |
Mopd, very rarely used, contained some buffer overflows. |
Mopd, very rarely used, contained some buffer overflows. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#libedit>June 28, 2000: |
<li><a href=errata27.html#libedit>June 28, 2000: |
libedit would check for a <b>.editrc</b> file in the current |
libedit would check for a <b>.editrc</b> file in the current |
directory. Not known to be a real security issue, but a patch |
directory. Not known to be a real security issue, but a patch |
is available anyways. |
is available anyways. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#dhclient>June 24, 2000: |
<li><a href=errata27.html#dhclient>June 24, 2000: |
A serious bug in dhclient(8) could allow strings from a |
A serious bug in dhclient(8) could allow strings from a |
malicious dhcp server to be executed in the shell as root. |
malicious dhcp server to be executed in the shell as root. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#isakmpd>June 9, 2000: |
<li><a href=errata27.html#isakmpd>June 9, 2000: |
A serious bug in isakmpd(8) policy handling wherein |
A serious bug in isakmpd(8) policy handling wherein |
policy verification could be completely bypassed in isakmpd. |
policy verification could be completely bypassed in isakmpd. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#uselogin>June 6, 2000: |
<li><a href=errata27.html#uselogin>June 6, 2000: |
The non-default flag UseLogin in <b>/etc/sshd_config</b> is broken, |
The non-default flag UseLogin in <b>/etc/sshd_config</b> is broken, |
should not be used, and results in security problems on |
should not be used, and results in security problems on |
other operating systems.</a> |
other operating systems.</a> |
<li><a href=errata.html#bridge>May 26, 2000: |
<li><a href=errata27.html#bridge>May 26, 2000: |
The bridge(4) <i>learning</i> flag may be bypassed. |
The bridge(4) <i>learning</i> flag may be bypassed. |
(patch included)</a> |
(patch included)</a> |
<li><a href=errata.html#ipf>May 25, 2000: |
<li><a href=errata27.html#ipf>May 25, 2000: |
Improper use of ipf <i>keep-state</i> rules can result |
Improper use of ipf <i>keep-state</i> rules can result |
in firewall rules being bypassed. (patch included)</a> |
in firewall rules being bypassed. (patch included)</a> |
|
|