version 1.202, 2002/04/11 18:39:22 |
version 1.203, 2002/04/16 18:33:08 |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
|
<a name=31></a> |
|
|
|
<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
|
These are the OpenBSD 3.1 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
<ul> |
|
<li>None yet. |
|
</ul> |
|
|
|
<p> |
|
|
|
<li> |
<a name=30></a> |
<a name=30></a> |
|
|
<h3><font color=#e00000>OpenBSD 3.0 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 3.0 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
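Review bot: The new 3.1 block states that "all these problems are solved in OpenBSD current and the patch branch" directly above a list whose only entry is "None yet.", so the sentence claims fixes for problems that are not listed. Consider rewording it to say that no advisories have been issued for 3.1 yet, or holding the sentence back until the first entry lands. The added "a name=31" anchor and the h3 heading follow the existing 3.0 pattern and need no change.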
<li><a href=errata.html#mail>April 11, 2002: |
<li><a href=errata30.html#mail>April 11, 2002: |
The mail(1) was interpreting tilde escapes even when invoked |
The mail(1) was interpreting tilde escapes even when invoked |
in non-interactive mode. As mail(1) is called as root from cron, |
in non-interactive mode. As mail(1) is called as root from cron, |
this can lead to a local root compromise.</a> |
this can lead to a local root compromise.</a> |
<li><a href=errata.html#approval>March 19, 2002: |
<li><a href=errata30.html#approval>March 19, 2002: |
Under certain conditions, on systems using YP with netgroups in |
Under certain conditions, on systems using YP with netgroups in |
the password database, it is possible for the rexecd(8) and rshd(8) |
the password database, it is possible for the rexecd(8) and rshd(8) |
daemons to execute a shell from a password database entry for a |
daemons to execute a shell from a password database entry for a |
different user. Similarly, atrun(8) may change to the wrong |
different user. Similarly, atrun(8) may change to the wrong |
home directory when running jobs.</a> |
home directory when running jobs.</a> |
<li><a href=errata.html#zlib>March 13, 2002: |
<li><a href=errata30.html#zlib>March 13, 2002: |
A potential double free() exists in the zlib library; |
A potential double free() exists in the zlib library; |
this is not exploitable on OpenBSD. |
this is not exploitable on OpenBSD. |
The kernel also contains a copy of zlib; it is not |
The kernel also contains a copy of zlib; it is not |
currently known if the kernel zlib is exploitable.</a> |
currently known if the kernel zlib is exploitable.</a> |
<li><a href=errata.html#openssh>March 8, 2002: |
<li><a href=errata30.html#openssh>March 8, 2002: |
An off-by-one check in OpenSSH's channel forwarding code |
An off-by-one check in OpenSSH's channel forwarding code |
may allow a local user to gain super-user privileges.</a> |
may allow a local user to gain super-user privileges.</a> |
<li><a href=errata.html#ptrace>January 21, 2002: |
<li><a href=errata30.html#ptrace>January 21, 2002: |
A race condition between the ptrace(2) and execve(2) system calls |
A race condition between the ptrace(2) and execve(2) system calls |
allows an attacker to modify the memory contents of suid/sgid |
allows an attacker to modify the memory contents of suid/sgid |
processes which could lead to compromise of the super-user account.</a> |
processes which could lead to compromise of the super-user account.</a> |
<li><a href=errata.html#sudo>January 17, 2002: |
<li><a href=errata30.html#sudo>January 17, 2002: |
There is a security hole in sudo(8) that can be exploited |
There is a security hole in sudo(8) that can be exploited |
when the Postfix sendmail replacement is installed that may |
when the Postfix sendmail replacement is installed that may |
allow an attacker on the local host to gain root privileges.</a> |
allow an attacker on the local host to gain root privileges.</a> |
<li><a href=errata.html#lpd>November 28, 2001: |
<li><a href=errata30.html#lpd>November 28, 2001: |
An attacker can trick a machine running the lpd daemon into |
An attacker can trick a machine running the lpd daemon into |
creating new files in the root directory from a machine with |
creating new files in the root directory from a machine with |
remote line printer access.</a> |
remote line printer access.</a> |
<li><a href=errata.html#vi.recover>November 13, 2001: |
<li><a href=errata30.html#vi.recover>November 13, 2001: |
The vi.recover script can be abused in such a way as |
The vi.recover script can be abused in such a way as |
to cause arbitrary zero-length files to be removed.</a> |
to cause arbitrary zero-length files to be removed.</a> |
<li><a href=errata.html#pf>November 13, 2001: |
<li><a href=errata30.html#pf>November 13, 2001: |
pf(4) was incapable of dealing with certain ipv6 icmp packets, |
pf(4) was incapable of dealing with certain ipv6 icmp packets, |
resulting in a crash.</a> |
resulting in a crash.</a> |
<li><a href=errata.html#sshd>November 12, 2001: |
<li><a href=errata30.html#sshd>November 12, 2001: |
A security hole that may allow an attacker to partially authenticate |
A security hole that may allow an attacker to partially authenticate |
if -- and only if -- the administrator has enabled KerberosV.</a> |
if -- and only if -- the administrator has enabled KerberosV.</a> |
</ul> |
</ul> |
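Review bot: All ten 3.0 entries switch their href from errata.html to errata30.html while keeping the same fragment names (#mail, #approval, #zlib, #openssh, #ptrace, #sudo, #lpd, #vi.recover, #pf, #sshd), and nothing in this change shows that errata30.html defines those anchors. Please confirm each fragment exists in errata30.html before this goes in, since a missing anchor drops the reader at the top of the page with no error. As a style point on lines this change already touches, "The mail(1) was interpreting" reads better without the article, and "ipv6 icmp" in the pf(4) entry could be written "IPv6 ICMP".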