version 1.292, 2004/06/11 03:48:57 |
version 1.293, 2004/06/12 23:43:14 |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href=errata.html#httpd> Jun 12, 2004: |
|
Multiple vulnerabilites have been found in httpd(8) / mod_ssl.</a> |
<li><a href=errata.html#isakmpd> Jun 10, 2004: |
<li><a href=errata.html#isakmpd> Jun 10, 2004: |
isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
an attacker can delete IPsec tunnels at will.</a>. |
an attacker can delete IPsec tunnels at will.</a> |
<li><a href=errata.html#cvs3> Jun 9, 2004: |
<li><a href=errata.html#cvs3> Jun 9, 2004: |
Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
arbitrary code on the server</a>. |
arbitrary code on the server.</a> |
<li><a href=errata.html#kerberos> May 30, 2004: |
<li><a href=errata.html#kerberos> May 30, 2004: |
kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
<li><a href=errata.html#xdm> May 26, 2004: |
<li><a href=errata.html#xdm> May 26, 2004: |
xdm(1) ignores the requestPort resource and creates a |
xdm(1) ignores the requestPort resource and creates a |
listening socket regardless of the setting in xdm-config</a>. |
listening socket regardless of the setting in xdm-config.</a> |
<li><a href=errata.html#cvs2> May 20, 2004: |
<li><a href=errata.html#cvs2> May 20, 2004: |
A buffer overflow in the cvs(1) server has been found, |
A buffer overflow in the cvs(1) server has been found, |
which can be used by CVS clients to execute arbitrary code on |
which can be used by CVS clients to execute arbitrary code on |
the server</a>. |
the server.</a> |
<li><a href=errata.html#procfs> May 13, 2004: |
<li><a href=errata.html#procfs> May 13, 2004: |
Integer overflow problems were found in procfs, allowing |
Integer overflow problems were found in procfs, allowing |
reading of arbitrary kernel memory</a>. |
reading of arbitrary kernel memory.</a> |
<li><a href=errata.html#cvs> May 5, 2004: |
<li><a href=errata.html#cvs> May 5, 2004: |
Pathname validation problems have been found in cvs(1), |
Pathname validation problems have been found in cvs(1), |
allowing clients and servers access to files outside the |
allowing clients and servers access to files outside the |
repository or local CVS tree</a>. |
repository or local CVS tree.</a> |
</ul> |
</ul> |
|
|
<p> |
<p> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href=errata34.html#httpd3> Jun 12, 2004: |
|
Multiple vulnerabilites have been found in httpd(8) / mod_ssl.</a> |
<li><a href=errata34.html#isakmpd3> Jun 10, 2004: |
<li><a href=errata34.html#isakmpd3> Jun 10, 2004: |
isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
an attacker can delete IPsec tunnels at will.</a>. |
an attacker can delete IPsec tunnels at will.</a> |
<li><a href=errata34.html#cvs3> Jun 9, 2004: |
<li><a href=errata34.html#cvs3> Jun 9, 2004: |
Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
arbitrary code on the server</a>. |
arbitrary code on the server.</a> |
<li><a href=errata34.html#kerberos> May 30, 2004: |
<li><a href=errata34.html#kerberos> May 30, 2004: |
kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |