May 22, 1998: Further problems with the X
+Jul 2, 1998: setuid and setgid processes
+ should not be executed with fd slots 0, 1, or 2 free.
+ (patch included).
+June 6, 1998: Further problems with the X
libraries (patches included).
-May 17, 1998: kill(2) of setuid/setgid target
- processes too permissive (4th revision patch included).
June 4, 1998: on non-Intel i386 machines, any user
can use pctr(4) to crash the machine.
+May 17, 1998: kill(2) of setuid/setgid target
+ processes too permissive (4th revision patch included).
May 11, 1998: mmap() permits partial bypassing
of immutable and append-only file flags. (patch included).
May 1, 1998: Buffer overflow in xterm and Xaw
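Review bot: The new top entry writes its date as "Jul 2, 1998", while the entry added directly below it uses "June 6, 1998" and the existing context line uses "June 4, 1998"; pick one month style for this list. Separately, the added "June 6, 1998: Further problems with the X" line carries the same title as the "May 22, 1998" line at the top of the hunk. If that is a date correction, it deserves a mention in the commit message, since this commit also adds a new advisory and moves the kill(2) entry below the June 4 pctr(4) entry.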
@@ -140,29 +141,29 @@
OpenBSD 2.2; they may or may not work on OpenBSD 2.1).
-- Dec 10, 1997: Intel P5 f00f lockup
+
- May 5, 1998: Incorrect handling of IPSEC
+ packets if IPSEC is enabled (patch included).
+
- May 1, 1998: Buffer overflow in xterm
+ and Xaw (CERT advisory VB-98.04) (patch included).
+
- Apr 22, 1998: Buffer overflow in uucpd
(patch included).
-
- Feb 9, 1998: MIPS ld.so flaw (patch included).
-
- Feb 13, 1998: Setuid coredump & Ruserok()
- flaw (patch included).
+
- Apr 22, 1998: Buffer mismanagement in lprm
+ (patch included).
+
- Mar 31, 1998: Overflow in ping -R (patch included).
+
- Mar 30, 1998: Overflow in named fake-iquery
+ (patch included).
+
- Mar 2, 1998: Accidental NFS filesystem
+ export (patch included).
+
- Feb 26, 1998: Read-write mmap() flaw.
+ Revision 3 of the patch is available here
- Feb 19, 1998: Sourcerouted Packet
Acceptance.
A patch is available here.
-
- Feb 26, 1998: Read-write mmap() flaw.
- Revision 3 of the patch is available here
-
- Mar 2, 1998: Accidental NFS filesystem
- export (patch included).
-
- Mar 30, 1998: Overflow in named fake-iquery
+
- Feb 13, 1998: Setuid coredump & Ruserok()
+ flaw (patch included).
+
- Feb 9, 1998: MIPS ld.so flaw (patch included).
+
- Dec 10, 1997: Intel P5 f00f lockup
(patch included).
-
- Mar 31, 1998: Overflow in ping -R (patch included).
-
- Apr 22, 1998: Buffer overflow in uucpd
- (patch included).
-
- Apr 22, 1998: Buffer mismanagement in lprm
- (patch included).
-
- May 1, 1998: Buffer overflow in xterm
- and Xaw (CERT advisory VB-98.04) (patch included).
-
- May 5, 1998: Incorrect handling of IPSEC
- packets if IPSEC is enabled (patch included).
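Review bot: Reversing this list to newest-first (May 5, 1998 down to Dec 10, 1997) in the same commit that adds a new advisory makes it hard to confirm from the diff that every entry was moved unchanged; consider committing the reorder on its own. The two Apr 22 entries keep their relative order (uucpd, then lprm), which is fine, but a date-only sort would leave that ambiguous. While these lines are being touched, the moved Feb 26 entry still ends "Revision 3 of the patch is available here" with no closing period, unlike "A patch is available here." on the Feb 19 entry.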
@@ -178,10 +179,10 @@
make it hard for us to provide patches).
@@ -239,7 +240,7 @@
www@openbsd.org
-$OpenBSD: security.html,v 1.71 1998/07/02 09:29:49 deraadt Exp $
+$OpenBSD: security.html,v 1.72 1998/07/02 09:32:24 deraadt Exp $