Puget Sound Technology Linux • Open Source • BSD  
TrainingSupport & Administration  
 

Binary Updates for NetBSD/i386 1.6

  • binary-update.NetBSD-1.6-i386-libkvm-20020917 
     libkvm close-on-exec issue (2002-09-16)
 local users may be able to read kernel memory via libkvm applications
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
  • binary-update.NetBSD-1.6-i386-smrsh-20021001 
     Sendmail smrsh bypass vulnerabilities (01/Oct/2002)
 bypass smrsh restrictions and run other non-approved commands
 http://www.sendmail.org/smrsh.adv.txt
  • binary-update.NetBSD-1.6-i386-rogue-20021001 
     Rogue games issue (28/Sep/2002)
 users can edit games scores and bypass quotas via rogue overflow
 http://online.securityfocus.com/archive/1/293582/2002-09-25/2002-10-01/0
  • binary-update.NetBSD-1.6-i386-SA2002-022-pic 
     NetBSD Security Advisory 2002-022
 possible remote root compromise via lpd (pic argument buffer overrun)
 http://online.securityfocus.com/bid/3103
  • binary-update.NetBSD-1.6-i386-SA2002-019-ntalkd 
     NetBSD Security Advisory 2002-019
 possible local root compromise via ntalkd buffer overrun
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
  • binary-update.NetBSD-1.6-i386-SA2002-026-kadmind 
     NetBSD Security Advisory 2002-026
 remote buffer overflow in Heimdal Kerberos kadmind, resulting in root exploit
 http://www.pdc.kth.se/heimdal/
  • binary-update.NetBSD-1.6-i386-SA2002-025-trek 
     NetBSD Security Advisory 2002-025
 trek game buffer overrun
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
  • binary-update.NetBSD-1.6-i386-SA2002-024-ipf 
     NetBSD Security Advisory 2002-024
 IP Filter FTP proxy module vulnerability
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
  • binary-update.NetBSD-1.6-i386-bind-20021112 
     BIND remote exploit and DoS vulnerabilities (2002-11-12)
 possible remote compromise and denial of service issues in BIND
 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
  • binary-update.NetBSD-1.6-i386-SA2002-027-ftpd 
     NetBSD Security Advisory 2002-027
 ftpd STAT output non-conformance can deceive firewall devices
 http://www.kb.cert.org/vuls/id/328867
  • binary-update.NetBSD-1.6-i386-SA2002-028-libc 
     NetBSD Security Advisory 2002-028
 possible remote root compromise; buffer overrun in getnetbyname/getnetbyaddr
 http://www.isc.org/products/BIND/bind-security.html
  • binary-update.NetBSD-1.6-i386-cvs-20030120 
     CVS remote vulnerability (2003-01-20)
 possible remote root compromise via cvs server (double-free)
 http://security.e-matters.de/advisories/012003.html
  • binary-update.NetBSD-1.6-i386-openssl-20030222 
     OpenSSL timing-based attack issue (2003-02-19)
 possible information leak via timing-based attack on CBC SSL/TLS ciphers
 http://www.openssl.org/news/secadv_20030219.txt
  • binary-update.NetBSD-1.6-i386-SA2003-002-sendmail 
     NetBSD Security Advisory 2003-002
 possible remote root compromise via sendmail (malformed header)
 http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
  • binary-update.NetBSD-1.6-i386-SA2003-003-file 
     NetBSD Security Advisory 2003-003
 locally exploitable buffer overflow in file(1)
 http://www.idefense.com/advisory/03.04.03.txt
  • binary-update.NetBSD-1.6-i386-zlib-20030312 (12/Mar/2003) 
     zlib buffer overrun vulnerability (2003-02-22)
 possible denial of service or code execution via zlib buffer overflow
 http://online.securityfocus.com/archive/1/312869
 NetBSD Security Advisory 2003-004 (26/Mar/2003)
  • NetBSD-1.6-i386-openssl-20030324 (24/Mar/2003) 
     OpenSSL RSA timing (2003-03-17) and Klima-Pokorny-Rosa attacks (2003-03-19)
 possible remote recovery of an RSA secret key and possible RSA vulnerability
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc
 NetBSD Security Advisory 2003-005 and SA2003-007 (26/Mar/2003)
  • NetBSD-1.6-i386-SA2003-006-kerberos 
     NetBSD Security Advisory 2003-006
 possible remote root compromise from cryptographic weaknesses in Kerberos v4
 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
  • NetBSD-1.6-i386-SA2003-009-sendmail 
     NetBSD Security Advisory 2003-009
 possible DoS and remote root compromise via sendmail server (parser overrun)
 http://www.securityfocus.com/archive/1/316773/2003-03-27/2003-04-02/0

Note that sometimes the application or library version is not changed. Also be sure to restart daemons or running software as applicable.

 
Home | About | Services | Training | Hosting | Contact