version 1.124, 2000/05/23 20:58:20 |
version 1.125, 2000/05/25 07:39:27 |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href=errata.html#procfs>May 25, 2000: |
|
xlockmore has a bug which a localhost attacker can use to gain |
|
access to the encrypted root password hash (which is normally |
|
encoded using blowfish (see |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&sektion=3"> |
|
crypt(3)</a>) |
|
(patch included).</a> |
<li><a href=errata.html#procfs>Jan 20, 2000: |
<li><a href=errata.html#procfs>Jan 20, 2000: |
Systems running with procfs enabled and mounted are |
Systems running with procfs enabled and mounted are |
vulnerable to a very tricky exploit. procfs is not |
vulnerable to a very tricky exploit. procfs is not |
mounted by default. |
mounted by default. |
(patch included).</a> |
(patch included).</a> |
<li><a href=errata.html#ifmedia>Nov 9, 1999: |
<li><a href=errata.html#ifmedia>Nov 9, 1999: |
Any user could change interface media configurations |
Any user could change interface media configurations, resulting in |
|
a localhost denial of service attack. |
(patch included).</a> |
(patch included).</a> |
<li><a href=errata.html#sslUSA>Dec 2, 1999: |
<li><a href=errata.html#sslUSA>Dec 2, 1999: |
A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |