The patches below are available in CVS via the
OPENBSD_2_8
patch branch.
For more detailed information on install patches to OpenBSD, please consult the OpenBSD FAQ.
1. A symlink problem was discovered in the KerberosIV password checking routines /usr/bin/su and /usr/bin/login, which makes it possible for a local user to overwrite any file on the local machine.
2. It is possible to specify environment variables in telnet which will be passed over the to the remote host. This makes it possible to set environment variables on the remote side, including ones that have special meaning on the server. It is not clear at this time what the impact is, but we recommend everyone to upgrade their machines immediately.
UKC> disable pcibios UKC> quit
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz