| version 1.292, 2004/06/11 03:48:57 |
version 1.293, 2004/06/12 23:43:14 |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| |
<li><a href=errata.html#httpd> Jun 12, 2004: |
| |
Multiple vulnerabilites have been found in httpd(8) / mod_ssl.</a> |
| <li><a href=errata.html#isakmpd> Jun 10, 2004: |
<li><a href=errata.html#isakmpd> Jun 10, 2004: |
| isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
| an attacker can delete IPsec tunnels at will.</a>. |
an attacker can delete IPsec tunnels at will.</a> |
| <li><a href=errata.html#cvs3> Jun 9, 2004: |
<li><a href=errata.html#cvs3> Jun 9, 2004: |
| Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
| server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
| arbitrary code on the server</a>. |
arbitrary code on the server.</a> |
| <li><a href=errata.html#kerberos> May 30, 2004: |
<li><a href=errata.html#kerberos> May 30, 2004: |
| kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
| to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |
| Kerberos realms if they are trusted with a cross-realm trust.</a> |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
| <li><a href=errata.html#xdm> May 26, 2004: |
<li><a href=errata.html#xdm> May 26, 2004: |
| xdm(1) ignores the requestPort resource and creates a |
xdm(1) ignores the requestPort resource and creates a |
| listening socket regardless of the setting in xdm-config</a>. |
listening socket regardless of the setting in xdm-config.</a> |
| <li><a href=errata.html#cvs2> May 20, 2004: |
<li><a href=errata.html#cvs2> May 20, 2004: |
| A buffer overflow in the cvs(1) server has been found, |
A buffer overflow in the cvs(1) server has been found, |
| which can be used by CVS clients to execute arbitrary code on |
which can be used by CVS clients to execute arbitrary code on |
| the server</a>. |
the server.</a> |
| <li><a href=errata.html#procfs> May 13, 2004: |
<li><a href=errata.html#procfs> May 13, 2004: |
| Integer overflow problems were found in procfs, allowing |
Integer overflow problems were found in procfs, allowing |
| reading of arbitrary kernel memory</a>. |
reading of arbitrary kernel memory.</a> |
| <li><a href=errata.html#cvs> May 5, 2004: |
<li><a href=errata.html#cvs> May 5, 2004: |
| Pathname validation problems have been found in cvs(1), |
Pathname validation problems have been found in cvs(1), |
| allowing clients and servers access to files outside the |
allowing clients and servers access to files outside the |
| repository or local CVS tree</a>. |
repository or local CVS tree.</a> |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| |
<li><a href=errata34.html#httpd3> Jun 12, 2004: |
| |
Multiple vulnerabilites have been found in httpd(8) / mod_ssl.</a> |
| <li><a href=errata34.html#isakmpd3> Jun 10, 2004: |
<li><a href=errata34.html#isakmpd3> Jun 10, 2004: |
| isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
| an attacker can delete IPsec tunnels at will.</a>. |
an attacker can delete IPsec tunnels at will.</a> |
| <li><a href=errata34.html#cvs3> Jun 9, 2004: |
<li><a href=errata34.html#cvs3> Jun 9, 2004: |
| Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
| server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
| arbitrary code on the server</a>. |
arbitrary code on the server.</a> |
| <li><a href=errata34.html#kerberos> May 30, 2004: |
<li><a href=errata34.html#kerberos> May 30, 2004: |
| kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
| to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www