OpenBSD Journal

y Patch 005 Kernel

Contributed by jose on from the bugz-bugz-bugz- dept.

Tony writes: "It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. This patch exists for both OpenBSD 3.3 and 3.4 "

(Comments are closed)

  1. By abot () lumor at chello dot se on mailto:lumor at chello dot se

    Shouldn't this have been sent to me through the security-announce list?


    1. By bumby () on

      I recently subscribed to that list, and was a little supriced I did not hear anything about it through there either. Least it seems I was not the only one then.

      Sorry for usless comment ;)

    2. By Tony () on

      I got via the "announce" mailing list yesterday (11/4).

    3. By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com

      What do you not understand about the mailing list name, *security*-announce? The exec issue was a RELIABILITY fix. Yes the title on this story is wrong but you could have read the errata page too.

      1. By ABOT () lumor at chello dot se on mailto:lumor at chello dot se

        My point was that I thought that patches etc. was to be announced via the announce and security-announce lists. Otherwise what's the point in subscribing (I've subscribe to both of them)? The info reached me with security-announce. I will tell them they used the wrong mail list.

        .eod OK?

      2. By Anonymous Coward () on

        Not according to this:

        OpenBSD will come up with any excuse to label a bug as not security-related. The whole separation of reliability/security is simply a marketing ploy so that OpenBSD has less "security advisories" than everyone else, being as everyone else considers DoS conditions and possibly exploitable bugs as security-related.

        So many silly bugs...I thought you guys audited this for years? Whatever happened to "we had this fixed in OpenBSD 7 months ago?" (not that I've ever heard that before in real life). Seems to me as though you have lots of bugs that you created yourself. Humourous since most of your code is from NetBSD, and they don't have the problems. Were you blindfolded or something?

  2. By Fred () on

    Any change of this bug getting fixed in the 3.2 tree?

    It seems like 3.4's '004: RELIABILITY FIX: November 1, 2003' has been committed, even though it is not advertised on the 3.2 errata page. But then that patch was identical to the 3.3 patch, and I don't think that will be the case here.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]