| version 1.223, 2002/10/07 21:00:05 |
version 1.224, 2002/10/17 08:38:57 |
|
|
| <p> |
<p> |
| </td> |
</td> |
| <td valign="top"> |
<td valign="top"> |
| |
<a href="#32">For 3.2 security advisories</a>.<br> |
| <a href="#31">For 3.1 security advisories</a>.<br> |
<a href="#31">For 3.1 security advisories</a>.<br> |
| <a href="#30">For 3.0 security advisories</a>.<br> |
<a href="#30">For 3.0 security advisories</a>.<br> |
| <a href="#29">For 2.9 security advisories</a>.<br> |
<a href="#29">For 2.9 security advisories</a>.<br> |
|
|
| <dl> |
<dl> |
| |
|
| <li> |
<li> |
| |
<a name=32></a> |
| |
|
| |
<h3><font color=#e00000>OpenBSD 3.2 Security Advisories</font></h3> |
| |
These are the OpenBSD 3.2 advisories -- all these problems are solved |
| |
in <a href=anoncvs.html>OpenBSD current</a> and the |
| |
<a href=stable.html>patch branch</a>. |
| |
|
| |
<p> |
| |
<ul> |
| |
</ul> |
| |
|
| <a name=31></a> |
<a name=31></a> |
| |
|
| <h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href=errata.html#kerntime>October 2, 2002: |
<li><a href=errata31.html#kerntime>October 2, 2002: |
| Incorrect argument checking in the setitimer(2) system call |
Incorrect argument checking in the setitimer(2) system call |
| may allow an attacker to write to kernel memory.</a> |
may allow an attacker to write to kernel memory.</a> |
| <li><a href=errata.html#scarg>August 11, 2002: |
<li><a href=errata31.html#scarg>August 11, 2002: |
| An insufficient boundary check in the select system call |
An insufficient boundary check in the select system call |
| allows an attacker to overwrite kernel memory and execute arbitrary code |
allows an attacker to overwrite kernel memory and execute arbitrary code |
| in kernel context.</a> |
in kernel context.</a> |
| <li><a href=errata.html#ssl>July 30, 2002: |
<li><a href=errata31.html#ssl>July 30, 2002: |
| Several remote buffer overflows can occur in the SSL2 server and SSL3 |
Several remote buffer overflows can occur in the SSL2 server and SSL3 |
| client of the ssl(8) library, as in the ASN.1 parser code in the |
client of the ssl(8) library, as in the ASN.1 parser code in the |
| crypto(3) library, all of them being potentially remotely |
crypto(3) library, all of them being potentially remotely |
| exploitable.</a> |
exploitable.</a> |
| <li><a href=errata.html#xdr>July 29, 2002: |
<li><a href=errata31.html#xdr>July 29, 2002: |
| A buffer overflow can occur in the xdr_array(3) RPC code, leading to |
A buffer overflow can occur in the xdr_array(3) RPC code, leading to |
| possible remote crash.</a> |
possible remote crash.</a> |
| <li><a href=errata.html#pppd>July 29, 2002: |
<li><a href=errata31.html#pppd>July 29, 2002: |
| A race condition exists in the pppd(8) daemon which may cause it to |
A race condition exists in the pppd(8) daemon which may cause it to |
| alter the file permissions of an arbitrary file.</a> |
alter the file permissions of an arbitrary file.</a> |
| <li><a href=errata.html#isakmpd>July 5, 2002: |
<li><a href=errata31.html#isakmpd>July 5, 2002: |
| Receiving IKE payloads out of sequence can cause isakmpd(8) to |
Receiving IKE payloads out of sequence can cause isakmpd(8) to |
| crash.</a> |
crash.</a> |
| <li><a href=errata.html#ktrace>June 27, 2002: |
<li><a href=errata31.html#ktrace>June 27, 2002: |
| The kernel would let any user ktrace set[ug]id processes.</a> |
The kernel would let any user ktrace set[ug]id processes.</a> |
| <li><a href=errata.html#modssl>June 26, 2002: |
<li><a href=errata31.html#modssl>June 26, 2002: |
| A buffer overflow can occur in the .htaccess parsing code in |
A buffer overflow can occur in the .htaccess parsing code in |
| mod_ssl httpd module, leading to possible remote crash or exploit.</a> |
mod_ssl httpd module, leading to possible remote crash or exploit.</a> |
| <li><a href=errata.html#resolver>June 25, 2002: |
<li><a href=errata31.html#resolver>June 25, 2002: |
| A potential buffer overflow in the DNS resolver has been found.</a> |
A potential buffer overflow in the DNS resolver has been found.</a> |
| <li><a href=errata.html#sshd>June 24, 2002: |
<li><a href=errata31.html#sshd>June 24, 2002: |
| All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an |
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an |
| input validation error that can result in an integer overflow and |
input validation error that can result in an integer overflow and |
| privilege escalation.</a> |
privilege escalation.</a> |
| <li><a href=errata.html#httpd>June 19, 2002: |
<li><a href=errata31.html#httpd>June 19, 2002: |
| A buffer overflow can occur during the interpretation of chunked |
A buffer overflow can occur during the interpretation of chunked |
| encoding in httpd(8), leading to possible remote crash.</a> |
encoding in httpd(8), leading to possible remote crash.</a> |
| <li><a href=errata.html#sshbsdauth>May 22, 2002: |
<li><a href=errata31.html#sshbsdauth>May 22, 2002: |
| Under certain conditions, on systems using YP with netgroups |
Under certain conditions, on systems using YP with netgroups |
| in the password database, it is possible that sshd(8) does |
in the password database, it is possible that sshd(8) does |
| ACL checks for the requested user name but uses the password |
ACL checks for the requested user name but uses the password |
| database entry of a different user for authentication. This |
database entry of a different user for authentication. This |
| means that denied users might authenticate successfully |
means that denied users might authenticate successfully |
| while permitted users could be locked out.</a> |
while permitted users could be locked out.</a> |
| <li><a href=errata.html#fdalloc2>May 8, 2002: |
<li><a href=errata31.html#fdalloc2>May 8, 2002: |
| A race condition exists that could defeat the kernel's |
A race condition exists that could defeat the kernel's |
| protection of fd slots 0-2 for setuid processes.</a> |
protection of fd slots 0-2 for setuid processes.</a> |
| <li><a href=errata.html#sudo>April 25, 2002: |
<li><a href=errata31.html#sudo>April 25, 2002: |
| A bug in sudo may allow an attacker to corrupt the heap.</a> |
A bug in sudo may allow an attacker to corrupt the heap.</a> |
| <li><a href=errata.html#sshafs>April 22, 2002: |
<li><a href=errata31.html#sshafs>April 22, 2002: |
| A local user can gain super-user privileges due to a buffer |
A local user can gain super-user privileges due to a buffer |
| overflow in sshd(8) if AFS has been configured on the system |
overflow in sshd(8) if AFS has been configured on the system |
| or if KerberosTgtPassing or AFSTokenPassing has been enabled |
or if KerberosTgtPassing or AFSTokenPassing has been enabled |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www