Contributed by sean on from the bug-smashing dept.
- 004: RELIABILITY FIX: May 5, 2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), iha(4) ).
A source code patch exists which remedies this problem. - 003: RELIABILITY FIX: May 5, 2004
Under load "recent model" gdt(4) controllers will lock up.
A source code patch exists which remedies this problem. - 002: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
A source code patch exists which remedies this problem.
(Comments are closed)
By Gerardo Santana (201.129.52.223) santana at openbsd org mx on http://www.openbsd.org.mx/~santana
Comments
By Anonymous Coward (67.71.26.144) on
By Anthony (68.145.159.179) on http://homestar.sytes.net/
Comments
By Anonymous Coward (128.100.57.40) on
Let's see.
3.3 was released on May 1, 2003. The first of the patches for 3.3 was released on August 4, 2003, more than three months later. In the once year since that release, there have been 21 patches in total: 1.75 patches per month, on average, which is exactly the same record as that of 3.2.
3.4 has had 18 patches so far, over six months. Three patches per month, on average. Sure, seven of those were released in the first month, but in only three separate announcements, i.e. only three times did a person have to take the time to patch.
Sure, there are patches. But patch fest? What patch fest?
By hdw (213.89.21.36) on
My source-tree is owned by srcadmin, who can't write anywhere outside the tree :)
// hdw
By Anonymous Coward (134.58.253.130) on
Is it correct that a malicious local user (who has ssh access, but no special priviliges whatsoever) could be able to write files anywhere on the filesystem, which may then (crontab, or startup files, or...) be executed with root permissions? Or is such a thing impossible?
Comments
By Matt Van Mater (65.205.28.100) on