===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- www/security.html 2003/01/21 03:47:10 1.232
+++ www/security.html 2003/01/30 22:02:17 1.233
@@ -199,13 +199,20 @@
January 20, 2003:
A double free exists in cvs(1) that could lead to privilege
escalation for cvs configurations where the cvs command is
- run as a privileged user.
+ run as a privileged user.
November 14, 2002:
A buffer overflow exists in named(8) that could lead to a
remote crash or code execution as user named in a chroot jail.
+November 6, 2002:
+ A logic error in the pool kernel memory allocator could cause
+ memory corruption in low-memory situations, causing the system
+ to crash.
November 6, 2002:
An attacker can bypass smrsh(8)'s restrictions and execute
arbitrary commands with the privileges of his own account.
+November 6, 2002:
+ Network bridges running pf with scrubbing enabled could cause
+ mbuf corruption, causing the system to crash.
October 21, 2002:
A buffer overflow can occur in the kadmind(8) daemon, leading
to possible remote crash or exploit.
@@ -982,7 +989,7 @@
www@openbsd.org
-$OpenBSD: security.html,v 1.232 2003/01/21 03:47:10 millert Exp $
+$OpenBSD: security.html,v 1.233 2003/01/30 22:02:17 margarida Exp $