version 1.223, 2002/10/07 21:00:05 |
version 1.224, 2002/10/17 08:38:57 |
|
|
<p> |
<p> |
</td> |
</td> |
<td valign="top"> |
<td valign="top"> |
|
<a href="#32">For 3.2 security advisories</a>.<br> |
<a href="#31">For 3.1 security advisories</a>.<br> |
<a href="#31">For 3.1 security advisories</a>.<br> |
<a href="#30">For 3.0 security advisories</a>.<br> |
<a href="#30">For 3.0 security advisories</a>.<br> |
<a href="#29">For 2.9 security advisories</a>.<br> |
<a href="#29">For 2.9 security advisories</a>.<br> |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
|
<a name=32></a> |
|
|
|
<h3><font color=#e00000>OpenBSD 3.2 Security Advisories</font></h3> |
|
These are the OpenBSD 3.2 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
<ul> |
|
</ul> |
|
|
<a name=31></a> |
<a name=31></a> |
|
|
<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href=errata.html#kerntime>October 2, 2002: |
<li><a href=errata31.html#kerntime>October 2, 2002: |
Incorrect argument checking in the setitimer(2) system call |
Incorrect argument checking in the setitimer(2) system call |
may allow an attacker to write to kernel memory.</a> |
may allow an attacker to write to kernel memory.</a> |
<li><a href=errata.html#scarg>August 11, 2002: |
<li><a href=errata31.html#scarg>August 11, 2002: |
An insufficient boundary check in the select system call |
An insufficient boundary check in the select system call |
allows an attacker to overwrite kernel memory and execute arbitrary code |
allows an attacker to overwrite kernel memory and execute arbitrary code |
in kernel context.</a> |
in kernel context.</a> |
<li><a href=errata.html#ssl>July 30, 2002: |
<li><a href=errata31.html#ssl>July 30, 2002: |
Several remote buffer overflows can occur in the SSL2 server and SSL3 |
Several remote buffer overflows can occur in the SSL2 server and SSL3 |
client of the ssl(8) library, as in the ASN.1 parser code in the |
client of the ssl(8) library, as in the ASN.1 parser code in the |
crypto(3) library, all of them being potentially remotely |
crypto(3) library, all of them being potentially remotely |
exploitable.</a> |
exploitable.</a> |
<li><a href=errata.html#xdr>July 29, 2002: |
<li><a href=errata31.html#xdr>July 29, 2002: |
A buffer overflow can occur in the xdr_array(3) RPC code, leading to |
A buffer overflow can occur in the xdr_array(3) RPC code, leading to |
possible remote crash.</a> |
possible remote crash.</a> |
<li><a href=errata.html#pppd>July 29, 2002: |
<li><a href=errata31.html#pppd>July 29, 2002: |
A race condition exists in the pppd(8) daemon which may cause it to |
A race condition exists in the pppd(8) daemon which may cause it to |
alter the file permissions of an arbitrary file.</a> |
alter the file permissions of an arbitrary file.</a> |
<li><a href=errata.html#isakmpd>July 5, 2002: |
<li><a href=errata31.html#isakmpd>July 5, 2002: |
Receiving IKE payloads out of sequence can cause isakmpd(8) to |
Receiving IKE payloads out of sequence can cause isakmpd(8) to |
crash.</a> |
crash.</a> |
<li><a href=errata.html#ktrace>June 27, 2002: |
<li><a href=errata31.html#ktrace>June 27, 2002: |
The kernel would let any user ktrace set[ug]id processes.</a> |
The kernel would let any user ktrace set[ug]id processes.</a> |
<li><a href=errata.html#modssl>June 26, 2002: |
<li><a href=errata31.html#modssl>June 26, 2002: |
A buffer overflow can occur in the .htaccess parsing code in |
A buffer overflow can occur in the .htaccess parsing code in |
mod_ssl httpd module, leading to possible remote crash or exploit.</a> |
mod_ssl httpd module, leading to possible remote crash or exploit.</a> |
<li><a href=errata.html#resolver>June 25, 2002: |
<li><a href=errata31.html#resolver>June 25, 2002: |
A potential buffer overflow in the DNS resolver has been found.</a> |
A potential buffer overflow in the DNS resolver has been found.</a> |
<li><a href=errata.html#sshd>June 24, 2002: |
<li><a href=errata31.html#sshd>June 24, 2002: |
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an |
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an |
input validation error that can result in an integer overflow and |
input validation error that can result in an integer overflow and |
privilege escalation.</a> |
privilege escalation.</a> |
<li><a href=errata.html#httpd>June 19, 2002: |
<li><a href=errata31.html#httpd>June 19, 2002: |
A buffer overflow can occur during the interpretation of chunked |
A buffer overflow can occur during the interpretation of chunked |
encoding in httpd(8), leading to possible remote crash.</a> |
encoding in httpd(8), leading to possible remote crash.</a> |
<li><a href=errata.html#sshbsdauth>May 22, 2002: |
<li><a href=errata31.html#sshbsdauth>May 22, 2002: |
Under certain conditions, on systems using YP with netgroups |
Under certain conditions, on systems using YP with netgroups |
in the password database, it is possible that sshd(8) does |
in the password database, it is possible that sshd(8) does |
ACL checks for the requested user name but uses the password |
ACL checks for the requested user name but uses the password |
database entry of a different user for authentication. This |
database entry of a different user for authentication. This |
means that denied users might authenticate successfully |
means that denied users might authenticate successfully |
while permitted users could be locked out.</a> |
while permitted users could be locked out.</a> |
<li><a href=errata.html#fdalloc2>May 8, 2002: |
<li><a href=errata31.html#fdalloc2>May 8, 2002: |
A race condition exists that could defeat the kernel's |
A race condition exists that could defeat the kernel's |
protection of fd slots 0-2 for setuid processes.</a> |
protection of fd slots 0-2 for setuid processes.</a> |
<li><a href=errata.html#sudo>April 25, 2002: |
<li><a href=errata31.html#sudo>April 25, 2002: |
A bug in sudo may allow an attacker to corrupt the heap.</a> |
A bug in sudo may allow an attacker to corrupt the heap.</a> |
<li><a href=errata.html#sshafs>April 22, 2002: |
<li><a href=errata31.html#sshafs>April 22, 2002: |
A local user can gain super-user privileges due to a buffer |
A local user can gain super-user privileges due to a buffer |
overflow in sshd(8) if AFS has been configured on the system |
overflow in sshd(8) if AFS has been configured on the system |
or if KerberosTgtPassing or AFSTokenPassing has been enabled |
or if KerberosTgtPassing or AFSTokenPassing has been enabled |