version 1.457, 2003/10/04 19:26:52 |
version 1.458, 2003/10/24 22:12:40 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<html> |
<head> |
<head> |
<title>OpenBSD 3.3 errata</title> |
<title>OpenBSD 3.4 errata</title> |
<link rev=made href="mailto:www@openbsd.org"> |
<link rev=made href="mailto:www@openbsd.org"> |
<meta name="resource-type" content="document"> |
<meta name="resource-type" content="document"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
|
|
|
|
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<h2><font color="#0000e0"> |
<h2><font color="#0000e0"> |
This is the OpenBSD 3.3 release errata & patch list: |
This is the OpenBSD 3.4 release errata & patch list: |
|
|
</font></h2> |
</font></h2> |
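Review bot: The heading line "This is the OpenBSD 3.4 release errata & patch list:" carries a bare `&` inside markup declared as HTML 4.01 Transitional. Since this line is being edited anyway, write it as `&amp;` so the page validates against the DOCTYPE at the top.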
|
|
|
|
<a href="errata29.html">2.9</a>, |
<a href="errata29.html">2.9</a>, |
<a href="errata30.html">3.0</a>, |
<a href="errata30.html">3.0</a>, |
<a href="errata31.html">3.1</a>, |
<a href="errata31.html">3.1</a>, |
<a href="errata32.html">3.2</a>. |
<a href="errata32.html">3.2</a>, |
|
<a href="errata33.html">3.3</a>. |
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
|
|
<p> The patches below are available in CVS via the |
<p> The patches below are available in CVS via the |
<code>OPENBSD_3_3</code> <a href="stable.html">patch branch</a>. |
<code>OPENBSD_3_4</code> <a href="stable.html">patch branch</a>. |
|
|
<p> |
<p> |
For more detailed information on how to install patches to OpenBSD, please |
For more detailed information on how to install patches to OpenBSD, please |
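Review bot: The `patches/3.4.tar.gz` link goes live in the same change that reduces the list to "No problems identified yet", so confirm the file already exists on the FTP server. Otherwise the sentence "fetch a tar.gz file containing all the following patches" points at a dead link until the first 3.4 erratum is published. The link is also plain `ftp://` with no digest or signature mentioned beside it; a short pointer to how a user can check what was downloaded, or to the `OPENBSD_3_4` CVS branch named just below, would be a useful addition here.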
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color="#e00000">All architectures</font></h3> |
<li><h3><font color="#e00000">All architectures</font></h3> |
<ul> |
<ul> |
<a name=arp></a> |
<li>No problems identified yet. |
<li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
|
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
|
requests.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch">A source code patch exists which remedies the problem</a>.<br> |
|
<p> |
|
<a name=asn1></a> |
|
<li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
|
The use of certain ASN.1 encodings or malformed public keys may allow an |
|
attacker to mount a denial of service attack against applications linked with |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
|
This does not affect OpenSSH.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">A source code patch exists which remedies the problem</a>.<br> |
|
<p> |
|
<a name=pfnorm></a> |
|
<li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
|
Three cases of potential access to freed memory have been found in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
|
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br> |
|
<p> |
|
<a name=sendmail></a> |
|
<li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
|
A buffer overflow in the address parsing in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
|
may allow an attacker to gain root privileges.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">A source code patch exists which remedies the problem</a>.<br> |
|
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
|
problem. |
|
<p> |
|
<a name=sshbuffer></a> |
|
<li><font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br> |
|
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
|
It is unclear whether or not this bug is exploitable.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A |
|
source code patch exists which remedies the problem</a>.<br> |
|
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
|
problem. |
|
<p> |
|
<a name=sysvsem></a> |
|
<li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
|
Root may be able to reduce the security level by taking advantage of |
|
an integer overflow when the semaphore limits are made very large.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">A |
|
source code patch exists which remedies the problem</a>. |
|
<p> |
|
<a name=semget></a> |
|
<li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
|
An improper bounds check in the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
|
system call can allow a local user to cause a kernel panic.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">A |
|
source code patch exists which remedies the problem</a>. |
|
<a name=realpath></a> |
|
<p> |
|
<li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
|
An off-by-one error exists in the C library function |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>. |
|
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
|
it is possible that this bug may allow an attacker to gain escalated privileges |
|
on OpenBSD.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">A |
|
source code patch exists which remedies the problem</a>. |
|
<p> |
|
</ul> |
</ul> |
<p> |
<p> |
<a name=i386></a> |
<a name=i386></a> |
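Review bot: Removing entries 001 through 008 also removes their named anchors (`arp`, `asn1`, `pfnorm`, `sendmail`, `sshbuffer`, `sysvsem`, `semget`, `realpath`), so existing links to those fragments on this page will now land on a list that only says "No problems identified yet." Please confirm that `errata33.html`, which the version list now links to, is added in the same commit with these entries and the same anchor names. Separately, 007 and 008 are dated October 1, 2003; it is worth checking that the 3.4 release already contains those fixes before the 3.4 list states that no problems have been identified.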
|
|
<a href="errata29.html">2.9</a>, |
<a href="errata29.html">2.9</a>, |
<a href="errata30.html">3.0</a>, |
<a href="errata30.html">3.0</a>, |
<a href="errata31.html">3.1</a>, |
<a href="errata31.html">3.1</a>, |
<a href="errata32.html">3.2</a>. |
<a href="errata32.html">3.2</a>, |
|
<a href="errata33.html">3.3</a>. |
<br> |
<br> |
|
|
<hr> |
<hr> |