www/security.html - diff

Return to security.html CVS log

Up to [local] / www

version 1.75, 1998/11/11 16:45:50

version 1.76, 1998/11/11 22:40:11

Line 128

OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.

<ul>

<li><a href=errata.html#chpass>Aug 1, 1998: chpass(1) has a file descriptor

<li><a href=errata23.html#chpass>Aug 1, 1998: chpass(1) has a file descriptor

leak which creates a race condition that allows an attacker to

modify /etc/master.passwd (patch included).</a>

<li><a href=errata.html#fdalloc>Jul 2, 1998: setuid and setgid processes

<li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes

should not be executed with fd slots 0, 1, or 2 free.

(patch included).</a>

<li><a href=errata.html#xlib>June 6, 1998: Further problems with the X

<li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X

libraries (patches included).</a>

<li><a href=errata.html#pctr>June 4, 1998: on non-Intel i386 machines, any user

<li><a href=errata23.html#pctr>June 4, 1998: on non-Intel i386 machines, any user

can use pctr(4) to crash the machine.</a>

<li><a href=errata.html#kill>May 17, 1998: kill(2) of setuid/setgid target

<li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target

processes too permissive (4th revision patch included).</a>

<li><a href=errata.html#immutable>May 11, 1998: mmap() permits partial bypassing

<li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing

of immutable and append-only file flags. (patch included).</a>

<li><a href=errata.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw

<li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw

(CERT advisory VB-98.04) (patch included).</a>

<li><a href=errata.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets

<li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets

if IPSEC is enabled (patch included).</a>

</ul>