OpenBSD Journal

y Patch 005 Kernel

Contributed by jose on from the bugz-bugz-bugz- dept.

Tony writes: "It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. This patch exists for both OpenBSD 3.3 and 3.4

http://www.openbsd.org/errata.html "



Comments
  1. By abot (lumor at chello dot se)

    Shouldn't this have been sent to me through the security-announce list?

    Regards,
    abot

    Comments
    1. By bumby

      I recently subscribed to that list, and was a little surprised I did not hear anything about it through there either. At least it seems I was not the only one then.

      Sorry for useless comment ;)

    2. By Tony (aschlemm@comcast.net)

      I got it via the "announce" mailing list yesterday (11/4).

    3. By Brad (brad at comstyle dot com)

      What do you not understand about the mailing list name, *security*-announce? The exec issue was a RELIABILITY fix. Yes, the title on this story is wrong, but you could have read the errata page too.

      Comments
      1. By ABOT (lumor at chello dot se)

        My point was that I thought that patches etc. were to be announced via the announce and security-announce lists. Otherwise what's the point in subscribing (I've subscribed to both of them)? The info reached me with security-announce. I will tell them they used the wrong mail list.

        .eod OK?

      2. By Anonymous Coward

        Not according to this:

        http://lists.netsys.com/pipermail/full-disclosure/2003-November/013338.html

        OpenBSD will come up with any excuse to label a bug as not security-related. The whole separation of reliability/security is simply a marketing ploy so that OpenBSD has less "security advisories" than everyone else, being as everyone else considers DoS conditions and possibly exploitable bugs as security-related.

        So many silly bugs... I thought you guys audited this for years? Whatever happened to "we had this fixed in OpenBSD 7 months ago?" (not that I've ever heard that before in real life). Seems to me as though you have lots of bugs that you created yourself. Humorous since most of your code is from NetBSD, and they don't have the problems. Were you blindfolded or something?

  2. By Fred (hamvanger@inklaar.net)

    Any chance of this bug getting fixed in the 3.2 tree?

    It seems like 3.4's '004: RELIABILITY FIX: November 1, 2003' has been committed, even though it is not advertised on the 3.2 errata page. But then that patch was identical to the 3.3 patch, and I don't think that will be the case here.

