www/security.html - diff

Return to security.html CVS log

Up to [local] / www

version 1.232, 2003/01/21 03:47:10

version 1.233, 2003/01/30 22:02:17

Line 199

<li><a href=errata.html#cvs>January 20, 2003:

A double free exists in cvs(1) that could lead to privilege

escalation for cvs configurations where the cvs command is

run as a privileged user.

run as a privileged user.</a>

<li><a href=errata.html#named>November 14, 2002:

A buffer overflow exists in named(8) that could lead to a

remote crash or code execution as user named in a chroot jail.</a>

<li><a href=errata.html#pool>November 6, 2002:

A logic error in the pool kernel memory allocator could cause

memory corruption in low-memory situations, causing the system

to crash.</a>

<li><a href=errata.html#smrsh>November 6, 2002:

An attacker can bypass smrsh(8)'s restrictions and execute

arbitrary commands with the privileges of his own account.</a>

<li><a href=errata.html#pfbridge>November 6, 2002:

Network bridges running pf with scrubbing enabled could cause

mbuf corruption, causing the system to crash.</a>

<li><a href=errata.html#kadmin>October 21, 2002:

A buffer overflow can occur in the kadmind(8) daemon, leading

to possible remote crash or exploit.</a>