version 1.533, 2005/04/28 21:04:36 |
version 1.534, 2005/05/17 16:21:21 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<html> |
<head> |
<head> |
<title>OpenBSD 3.6 errata</title> |
<title>OpenBSD 3.7 errata</title> |
<link rev=made href="mailto:www@openbsd.org"> |
<link rev=made href="mailto:www@openbsd.org"> |
<meta name="resource-type" content="document"> |
<meta name="resource-type" content="document"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
|
|
|
|
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<h2><font color="#0000e0"> |
<h2><font color="#0000e0"> |
This is the OpenBSD 3.6 release errata & patch list: |
This is the OpenBSD 3.7 release errata & patch list: |
|
|
</font></h2> |
</font></h2> |
|
|
|
|
<a href="errata32.html">3.2</a>, |
<a href="errata32.html">3.2</a>, |
<a href="errata33.html">3.3</a>, |
<a href="errata33.html">3.3</a>, |
<a href="errata34.html">3.4</a>, |
<a href="errata34.html">3.4</a>, |
<a href="errata35.html">3.5</a>. |
<a href="errata35.html">3.5</a>, |
|
<a href="errata36.html">3.6</a>. |
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6.tar.gz"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
|
|
|
|
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>. |
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>. |
<hr> |
<hr> |
|
|
<!-- Temporarily put anchors for all archs here. Remove later. --> |
<li> |
<a name="all"></a> |
There are no security patches for 3.7 at this time. |
<a name="alpha"></a> |
|
<a name="amd64"></a> |
|
<a name="cats"></a> |
|
<a name="hp300"></a> |
|
<a name="hppa"></a> |
|
<a name="i386"></a> |
|
<a name="mvme88k"></a> |
|
<a name="mac68k"></a> |
|
<a name="macppc"></a> |
|
<a name="mvme68k"></a> |
|
<a name="mvme88k"></a> |
|
<a name="sparc"></a> |
|
<a name="sparc64"></a> |
|
<a name="vax"></a> |
|
<ul> |
|
|
|
<li><a name="cvs"></a> |
|
<font color="#009000"><strong>016: SECURITY FIX: April 28, 2005</strong></font> <i>All architectures</i><br> |
|
Fix a buffer overflow, memory leaks, and NULL pointer dereference in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> |
|
. None of these issues are known to be exploitable. |
|
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a> |
|
. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_cvs.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="tcp"></a> |
|
<font color="#009000"><strong>015: RELIABILITY FIX: April 4, 2005</strong></font> <i>All architectures</i><br> |
|
Handle an edge condition in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a> |
|
timestamps. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/015_tcp.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="telnet"></a> |
|
<font color="#009000"><strong>014: SECURITY FIX: March 30, 2005</strong></font> <i>All architectures</i><br> |
|
Due to buffer overflows in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a>, |
|
a malicious server or man-in-the-middle attack could allow execution of |
|
arbitrary code with the privileges of the user invoking |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a>. |
|
Noone should use telnet anymore. Please use |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/014_telnet.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="sack"></a> |
|
<font color="#009000"><strong>013: RELIABILITY FIX: March 30, 2005</strong></font> <i>All architectures</i><br> |
|
Bugs in the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a> |
|
stack can lead to memory exhaustion or processing of TCP segments with |
|
invalid SACK options and cause a system crash. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/013_sack.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="copy"></a> |
|
<font color="#009000"><strong>012: SECURITY FIX: March 16, 2005</strong></font> <strong>amd64 only</strong><br> |
|
More stringent checking should be done in the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&sektion=9">copy(9)</a> |
|
functions to prevent their misuse. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/amd64/012_copy.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="locore"></a> |
|
<font color="#009000"><strong>011: SECURITY FIX: February 28, 2005</strong></font> <strong>i386 only</strong><br> |
|
More stringent checking should be done in the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&sektion=9">copy(9)</a> |
|
functions to prevent their misuse. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/i386/011_locore.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="rtt"></a> |
|
<font color="#009000"><strong>010: RELIABILITY FIX: January 11, 2005</strong></font> <i>All architectures</i><br> |
|
A bug in the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a> |
|
stack allows an invalid argument to be used in calculating the TCP |
|
retransmit timeout. By sending packets with specific values in the TCP |
|
timestamp option, an attacker can cause a system panic. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/010_rtt.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="httpd"></a> |
|
<font color="#009000"><strong>009: SECURITY FIX: January 12, 2005</strong></font> <i>All architectures</i><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd(8)</a> |
|
's mod_include module fails to properly validate the length of |
|
user supplied tag strings prior to copying them to a local buffer, |
|
causing a buffer overflow. |
|
<br> |
|
This would require enabling the XBitHack directive or server-side |
|
includes and making use of a malicious document. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="getcwd"></a> |
|
<font color="#009000"><strong>008: RELIABILITY FIX: January 6, 2005</strong></font> <i>All architectures</i><br> |
|
The |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcwd&sektion=3">getcwd(3)</a> |
|
library function contains a memory management error, which causes failure |
|
to retrieve the current working directory if the path is very long. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/008_getcwd.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="pfkey"></a> |
|
<font color="#009000"><strong>007: SECURITY FIX: December 14, 2004</strong></font> <i>All architectures</i><br> |
|
On systems running |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
|
it is possible for a local user to cause kernel memory corruption |
|
and system panic by setting |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4&manpath=OpenBSD+Current&&format=html">ipsec(4)</a> |
|
credentials on a socket. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="xl"></a> |
|
<font color="#009000"><strong>006: RELIABILITY FIX: November 21, 2004</strong></font> <i>All architectures</i><br> |
|
Fix for transmit side breakage on macppc and mbuf leaks with |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/006_xl.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="isakmpd"></a> |
|
<font color="#009000"><strong>005: RELIABILITY FIX: November 21, 2004</strong></font> <i>All architectures</i><br> |
|
Wrong calculation of NAT-D payloads may cause interoperability problems between |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
|
and other ISAKMP/IKE implementations. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/005_isakmpd.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
|
|
<p> |
|
<li><a name="lynx"></a> |
|
<font color="#009000"><strong>004: RELIABILITY FIX: November 10, 2004</strong></font> <i>All architectures</i><br> |
|
Due to a bug in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> |
|
it is possible for pages such as |
|
<a href="http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html">this</a> |
|
to cause |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> |
|
to exhaust memory and then crash when parsing such pages. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="pppd"></a> |
|
<font color="#009000"><strong>003: RELIABILITY FIX: November 10, 2004</strong></font> <i>All architectures</i><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> |
|
contains a bug that allows an attacker to crash his own connection, but it cannot |
|
be used to deny service to other users. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/003_pppd.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="bind"></a> |
|
<font color="#009000"><strong>002: RELIABILITY FIX: November 10, 2004</strong></font> <i>All architectures</i><br> |
|
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in |
|
cases where IPv6 connectivity is non-existent. This results in unneccessary timeouts and |
|
thus slow DNS queries. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/002_bind.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
|
<li><a name="st"></a> |
|
<font color="#009000"><strong>001: RELIABILITY FIX: November 10, 2004</strong></font> <i>All architectures</i><br> |
|
Fix detection of tape blocksize during device open. Corrects problem with |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=restore&sektion=8">restore(8)</a>. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/001_st.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
</ul> |
</ul> |
|
|
<br> |
<br> |
|
|
<a href="errata32.html">3.2</a>, |
<a href="errata32.html">3.2</a>, |
<a href="errata33.html">3.3</a>, |
<a href="errata33.html">3.3</a>, |
<a href="errata34.html">3.4</a>, |
<a href="errata34.html">3.4</a>, |
<a href="errata35.html">3.5</a>. |
<a href="errata35.html">3.5</a>, |
|
<a href="errata36.html">3.6</a>. |
<br> |
<br> |
|
|
<hr> |
<hr> |