[BACK]Return to security.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/security.html between version 1.71 and 1.72

version 1.71, 1998/07/02 09:29:49 version 1.72, 1998/07/02 09:32:24
Line 115 
Line 115 
 in <a href=anoncvs.html>OpenBSD current</a>.  in <a href=anoncvs.html>OpenBSD current</a>.
   
 <ul>  <ul>
 <li><a href=errata.html#fdalloc>Jul  2, 1998: setuid and setgid processes should  <li><a href=errata.html#fdalloc>Jul  2, 1998: setuid and setgid processes
         not be executed with fd slots 0, 1, or 2 free. (patch included).</a>          should not be executed with fd slots 0, 1, or 2 free.
 <li><a href=errata.html#xlib>May 22, 1998: Further problems with the X          (patch included).</a>
   <li><a href=errata.html#xlib>June 6, 1998: Further problems with the X
         libraries (patches included).</a>          libraries (patches included).</a>
 <li><a href=errata.html#kill>May 17, 1998: kill(2) of setuid/setgid target  
         processes too permissive (4th revision patch included).</a>  
 <li><a href=errata.html#pctr>June  4, 1998: on non-Intel i386 machines, any user  <li><a href=errata.html#pctr>June  4, 1998: on non-Intel i386 machines, any user
         can use pctr(4) to crash the machine.</a>          can use pctr(4) to crash the machine.</a>
   <li><a href=errata.html#kill>May 17, 1998: kill(2) of setuid/setgid target
           processes too permissive (4th revision patch included).</a>
 <li><a href=errata.html#immutable>May 11, 1998: mmap() permits partial bypassing  <li><a href=errata.html#immutable>May 11, 1998: mmap() permits partial bypassing
         of immutable and append-only file flags. (patch included).</a>          of immutable and append-only file flags. (patch included).</a>
 <li><a href=errata.html#xterm-xaw>May  1, 1998: Buffer overflow in xterm and Xaw  <li><a href=errata.html#xterm-xaw>May  1, 1998: Buffer overflow in xterm and Xaw
Line 140 
Line 141 
 OpenBSD 2.2; they may or may not work on OpenBSD 2.1).  OpenBSD 2.2; they may or may not work on OpenBSD 2.1).
   
 <ul>  <ul>
 <li><a href=errata22.html#f00f>Dec 10, 1997: Intel P5 f00f lockup  <li><a href=errata22.html#ipsec>May  5, 1998: Incorrect handling of IPSEC
           packets if IPSEC is enabled (patch included).</a>
   <li><a href=errata22.html#xterm-xaw>May  1, 1998: Buffer overflow in xterm
           and Xaw (CERT advisory VB-98.04) (patch included).</a>
   <li><a href=errata22.html#uucpd>Apr 22, 1998: Buffer overflow in uucpd
         (patch included).</a>          (patch included).</a>
 <li><a href=errata22.html#ldso>Feb  9, 1998: MIPS ld.so flaw (patch included).</a>  <li><a href=errata22.html#rmjob>Apr 22, 1998: Buffer mismanagement in lprm
 <li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok()          (patch included).</a>
         flaw (patch included).</a>  <li><a href=errata22.html#ping>Mar 31, 1998: Overflow in ping -R (patch included).</a>
   <li><a href=errata22.html#named>Mar 30, 1998: Overflow in named fake-iquery
           (patch included).</a>
   <li><a href=errata22.html#mountd>Mar  2, 1998: Accidental NFS filesystem
           export (patch included).</a>
   <li><a href=advisories/mmap>Feb 26, 1998: Read-write mmap() flaw.</a>
           Revision 3 of the patch is available <a href=errata22.html#mmap>here</a>
 <li><a href=advisories/sourceroute>Feb 19, 1998: Sourcerouted Packet  <li><a href=advisories/sourceroute>Feb 19, 1998: Sourcerouted Packet
         Acceptance.</a>          Acceptance.</a>
         A patch is available <a href=errata22.html#sourceroute>here</a>.          A patch is available <a href=errata22.html#sourceroute>here</a>.
 <li><a href=advisories/mmap>Feb 26, 1998: Read-write mmap() flaw.</a>  <li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok()
         Revision 3 of the patch is available <a href=errata22.html#mmap>here</a>          flaw (patch included).</a>
 <li><a href=errata22.html#mountd>Mar  2, 1998: Accidental NFS filesystem  <li><a href=errata22.html#ldso>Feb  9, 1998: MIPS ld.so flaw (patch included).</a>
         export (patch included).</a>  <li><a href=errata22.html#f00f>Dec 10, 1997: Intel P5 f00f lockup
 <li><a href=errata22.html#named>Mar 30, 1998: Overflow in named fake-iquery  
         (patch included).</a>          (patch included).</a>
 <li><a href=errata22.html#ping>Mar 31, 1998: Overflow in ping -R (patch included).</a>  
 <li><a href=errata22.html#uucpd>Apr 22, 1998: Buffer overflow in uucpd  
         (patch included).</a>  
 <li><a href=errata22.html#rmjob>Apr 22, 1998: Buffer mismanagement in lprm  
         (patch included).</a>  
 <li><a href=errata22.html#xterm-xaw>May  1, 1998: Buffer overflow in xterm  
         and Xaw (CERT advisory VB-98.04) (patch included).</a>  
 <li><a href=errata22.html#ipsec>May  5, 1998: Incorrect handling of IPSEC  
         packets if IPSEC is enabled (patch included).</a>  
 </ul>  </ul>
   
 <a name=21></a>  <a name=21></a>
Line 178 
Line 179 
 make it hard for us to provide patches).  make it hard for us to provide patches).
   
 <ul>  <ul>
   <li><a href=advisories/signals>Sep 15, 1997: Deviant Signals (patch included)</a>
 <li><a href=advisories/rfork>Aug  2, 1997: Rfork() system call flaw  <li><a href=advisories/rfork>Aug  2, 1997: Rfork() system call flaw
         (patch included)</a>          (patch included)</a>
 <li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a>  <li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a>
 <li><a href=advisories/signals>Sep 15, 1997: Deviant Signals (patch included)</a>  
 </ul>  </ul>
   
 <p>  <p>
Legend:
Removed from v.1.71  
changed lines
  Added in v.1.72