Contributed by jose on from the forthcoming-errata dept.
"The errata.html lists a new vulnerability. A buffer overflow in the DNS resolver code, the fix is in the -stable tree already and a source code patch is available here"

I poked it a few times already but didn't find the patch yet. Others have noted that it is forthcoming. Keep your eyes open and apply it when it's available (we'll update when it is).

Update: The first poster pointed out the availability of patch 007, which fixes this issue. Thanks.
By Anonymous Coward () on
By Noryungi () n o r y u n g i @ y a h o o . c o m on
Errata page was just updated and an ftp:// link has been added.
Is it me, or are the vulnerabilities becoming more and more embarrassing for the project? First OpenSSH, then this...
This said, to be fair, the errata count for 3.1 is still really low at 7 erratas, with 3 or 4 of these dated *before* the official release date. Eat your heart out, Micro$oft! =)
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org
By Anonymous Coward () on
By Anonymous Coward () on
/sbin/ping
/sbin/ping6
/sbin/shutdown
/bin/rcp
/usr/sbin/pppd
Use something like
file * | egrep id | egrep -v dynamicall
To find dangerous files.
By fansipans () on
$ cd /usr/src/lib/libc
$ setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
$ cvs -q up -rOPENBSD_3_1 -Pd
also note the above comment about statically compiled binaries in /bin and /sbin
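
The two comments above point at statically linked binaries, which carry their own copy of the libc resolver and stay vulnerable until they are rebuilt. The following is an added example, not part of the original thread: it reads program headers directly instead of parsing `file` output, and it assumes ELF binaries (other executable formats are skipped); the function names and the directory list are this example's own choices.

```python
import os
import stat
import struct

PT_INTERP = 3  # program header that names the dynamic loader


def is_static_elf(data):
    """True if data starts an ELF executable that requests no dynamic loader."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return False
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"
    try:
        if struct.unpack_from(end + "H", data, 16)[0] not in (2, 3):
            return False                       # not ET_EXEC / ET_DYN
        if data[4] == 1:                       # ELF32 header layout
            phoff = struct.unpack_from(end + "I", data, 28)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        else:                                  # ELF64 header layout
            phoff = struct.unpack_from(end + "Q", data, 32)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        for i in range(phnum):                 # p_type is the first field
            off = phoff + i * phentsize
            if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
                return False
    except struct.error:                       # truncated header: undecided
        return False
    return True


def find_static(dirs):
    """Return [(path, is_setid)] for static ELF executables in dirs."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            if is_static_elf(head):
                setid = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
                hits.append((path, setid))
    return hits


if __name__ == "__main__":
    for path, setid in find_static(["/bin", "/sbin", "/usr/sbin"]):
        print(("SETID " if setid else "      ") + path)
```

Every path it prints needs a rebuild against the patched libc; the ones marked SETID are the first to check. Executable shared objects are also reported, since they have no PT_INTERP header either.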
By Anonymous Coward () on
By Steve () printmak@bellatlantic.net on
By greg () on
By Lawrence Chan () lchan@montevino.com on
Hello,
We are using OpenBSD 3.0 and for the rebuilt binaries concerned with the patch, are they supposed to have the same file size as before rebuild? While the file dates reflect the change, have they truly been recompiled? They have been relinked with 'make obj cleandir depend' and rebuilt with 'make && make install.' Please advise.
Lawrence Chan
lchan@montevino.com