version 1.75, 1998/11/11 16:45:50 |
version 1.76, 1998/11/11 22:40:11 |
|
|
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3. |
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3. |
|
|
<ul> |
<ul> |
<li><a href=errata.html#chpass>Aug 1, 1998: chpass(1) has a file descriptor |
<li><a href=errata23.html#chpass>Aug 1, 1998: chpass(1) has a file descriptor |
leak which creates a race condition that allows an attacker to |
leak which creates a race condition that allows an attacker to |
modify /etc/master.passwd (patch included).</a> |
modify /etc/master.passwd (patch included).</a> |
<li><a href=errata.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
<li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
should not be executed with fd slots 0, 1, or 2 free. |
should not be executed with fd slots 0, 1, or 2 free. |
(patch included).</a> |
(patch included).</a> |
<li><a href=errata.html#xlib>June 6, 1998: Further problems with the X |
<li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X |
libraries (patches included).</a> |
libraries (patches included).</a> |
<li><a href=errata.html#pctr>June 4, 1998: on non-Intel i386 machines, any user |
<li><a href=errata23.html#pctr>June 4, 1998: on non-Intel i386 machines, any user |
can use pctr(4) to crash the machine.</a> |
can use pctr(4) to crash the machine.</a> |
<li><a href=errata.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
<li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
processes too permissive (4th revision patch included).</a> |
processes too permissive (4th revision patch included).</a> |
<li><a href=errata.html#immutable>May 11, 1998: mmap() permits partial bypassing |
<li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing |
of immutable and append-only file flags. (patch included).</a> |
of immutable and append-only file flags. (patch included).</a> |
<li><a href=errata.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
<li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
(CERT advisory VB-98.04) (patch included).</a> |
(CERT advisory VB-98.04) (patch included).</a> |
<li><a href=errata.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
<li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
if IPSEC is enabled (patch included).</a> |
if IPSEC is enabled (patch included).</a> |
</ul> |
</ul> |
|
|