===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.151
retrieving revision 1.152
diff -c -r1.151 -r1.152
*** www/security.html 2000/10/26 14:12:08 1.151
--- www/security.html 2000/11/10 21:24:16 1.152
***************
*** 35,40 ****
--- 35,41 ----
+ For 2.8 security advisories.
For 2.7 security advisories.
For 2.6 security advisories.
For 2.5 security advisories.
***************
*** 181,186 ****
--- 182,202 ----
+
+
+ OpenBSD 2.8 Security Advisories
+ These are the OpenBSD 2.8 advisories -- all these problems are solved
+ in OpenBSD current. Obviously, all the
+ OpenBSD 2.7 advisories listed below are fixed in OpenBSD 2.8.
+
+
+
+ - No security advisories for 2.8 as of yet.
+
+
+
+
+
OpenBSD 2.7 Security Advisories
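Review bot: The blanket sentence "all the OpenBSD 2.7 advisories listed below are fixed in OpenBSD 2.8" in the new 2.8 section is hard to square with the next hunk, which in this same revision adds a Nov 10, 2000 OpenSSH forwarding entry to the 2.7 list while the 2.8 list reads "No security advisories for 2.8 as of yet." If 2.8 shipped without that fix, the Nov 10 item needs its own entry under 2.8 and the sentence should be narrowed; if 2.8 already contains the fix, say so in the entry so that readers of the 2.8 section do not have to infer it.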
***************
*** 190,261 ****
! - Oct 26, 2000:
X11 libraries have 2 potential overflows in xtrans code.
(patch included)
!
- Oct 18, 2000:
Apache mod_rewrite and mod_vhost_alias modules could expose files
on the server in certain configurations if used.
(patch included)
!
- Oct 10, 2000:
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS,
TERMPATH and TERMCAP environment variables as it should.
(patch included)
!
- Oct 6, 2000:
There are printf-style format string bugs in several privileged
programs. (patch included)
!
- Oct 6, 2000:
libcurses honored terminal descriptions in the $HOME/.terminfo
directory as well as in the TERMCAP environment variable for
setuid and setgid applications.
(patch included)
!
- Oct 6, 2000:
A format string vulnerability exists in talkd(8).
(patch included)
!
- Oct 3, 2000:
A format string vulnerability exists in the pw_error() function of the
libutil library, yielding localhost root through chpass(1).
(patch included)
!
- Sep 18, 2000:
Bad ESP/AH packets could cause a crash under certain conditions.
(patch included)
!
- Aug 16, 2000:
A format string vulnerability (localhost root) exists in xlock(1).
(patch included)
!
- July 14, 2000:
Various bugs found in X11 libraries have various side effects, almost
completely denial of service in OpenBSD.
(patch included)
!
- July 5, 2000:
Just like pretty much all the other unix ftp daemons
on the planet, ftpd had a remote root hole in it.
Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
(patch included)
!
- July 5, 2000:
Mopd, very rarely used, contained some buffer overflows.
(patch included)
!
- June 28, 2000:
libedit would check for a .editrc file in the current
directory. Not known to be a real security issue, but a patch
is available anyways.
(patch included)
!
- June 24, 2000:
A serious bug in dhclient(8) could allow strings from a
malicious dhcp server to be executed in the shell as root.
(patch included)
!
- June 9, 2000:
A serious bug in isakmpd(8) policy handling wherein
policy verification could be completely bypassed in isakmpd.
(patch included)
!
- June 6, 2000:
The non-default flag UseLogin in /etc/sshd_config is broken,
should not be used, and results in security problems on
other operating systems.
!
- May 26, 2000:
The bridge(4) learning flag may be bypassed.
(patch included)
!
- May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
--- 206,280 ----
! - Nov 10, 2000:
! Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
! (patch included)
!
- Oct 26, 2000:
X11 libraries have 2 potential overflows in xtrans code.
(patch included)
!
- Oct 18, 2000:
Apache mod_rewrite and mod_vhost_alias modules could expose files
on the server in certain configurations if used.
(patch included)
!
- Oct 10, 2000:
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS,
TERMPATH and TERMCAP environment variables as it should.
(patch included)
!
- Oct 6, 2000:
There are printf-style format string bugs in several privileged
programs. (patch included)
!
- Oct 6, 2000:
libcurses honored terminal descriptions in the $HOME/.terminfo
directory as well as in the TERMCAP environment variable for
setuid and setgid applications.
(patch included)
!
- Oct 6, 2000:
A format string vulnerability exists in talkd(8).
(patch included)
!
- Oct 3, 2000:
A format string vulnerability exists in the pw_error() function of the
libutil library, yielding localhost root through chpass(1).
(patch included)
!
- Sep 18, 2000:
Bad ESP/AH packets could cause a crash under certain conditions.
(patch included)
!
- Aug 16, 2000:
A format string vulnerability (localhost root) exists in xlock(1).
(patch included)
!
- July 14, 2000:
Various bugs found in X11 libraries have various side effects, almost
completely denial of service in OpenBSD.
(patch included)
!
- July 5, 2000:
Just like pretty much all the other unix ftp daemons
on the planet, ftpd had a remote root hole in it.
Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
(patch included)
!
- July 5, 2000:
Mopd, very rarely used, contained some buffer overflows.
(patch included)
!
- June 28, 2000:
libedit would check for a .editrc file in the current
directory. Not known to be a real security issue, but a patch
is available anyways.
(patch included)
!
- June 24, 2000:
A serious bug in dhclient(8) could allow strings from a
malicious dhcp server to be executed in the shell as root.
(patch included)
!
- June 9, 2000:
A serious bug in isakmpd(8) policy handling wherein
policy verification could be completely bypassed in isakmpd.
(patch included)
!
- June 6, 2000:
The non-default flag UseLogin in /etc/sshd_config is broken,
should not be used, and results in security problems on
other operating systems.
!
- May 26, 2000:
The bridge(4) learning flag may be bypassed.
(patch included)
!
- May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
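Review bot: The new Nov 10, 2000 entry at the top of the 2.7 list says hostile servers can force agent or X11 forwarding, but not what that exposes or which client configurations are affected, whereas neighbouring entries state impact ("localhost root", "remote root hole") or a precondition ("if anonymous ftp is enabled"). Add a clause covering both. Separately, every blank separator line in this hunk is marked "!" although the visible text of the older entries is unchanged, so a one-entry addition is spread over old lines 190 to 261; keep the separator change out of this commit or commit it on its own so the advisory addition is easy to audit.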
***************
*** 600,606 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.151 2000/10/26 14:12:08 matthieu Exp $