OpenBSD 2.9 errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.354 retrieving revision 1.355 diff -c -r1.354 -r1.355 *** www/errata.html 2001/09/12 13:52:39 1.354 --- www/errata.html 2001/10/22 22:09:53 1.355 *************** *** 1,7 **** ! OpenBSD 2.9 errata --- 1,7 ---- ! OpenBSD 3.0 errata *************** *** 14,20 ****

! This is the OpenBSD 2.9 release errata & patch list:

--- 14,20 ----

! This is the OpenBSD 3.0 release errata & patch list:

*************** *** 28,33 **** --- 28,34 ---- For 2.6 errata, please refer here.
For 2.7 errata, please refer here.
For 2.8 errata, please refer here.
+ For 2.9 errata, please refer here.

*************** *** 35,41 **** This file is updated once a day.

The patches below are available in CVS via the ! OPENBSD_2_9 patch branch.

For more detailed information on install patches to OpenBSD, please --- 36,42 ---- This file is updated once a day.

The patches below are available in CVS via the ! OPENBSD_3_0 patch branch.

For more detailed information on install patches to OpenBSD, please *************** *** 46,204 ****

All architectures

015: SECURITY FIX: September 11, 2001
! A security hole exists in uuxqt(8) ! that may allow an attacker to run arbitrary commands as user uucp and ! use this to gain root access. ! The UUCP execution daemon, uuxqt(8), has a bug in its command line ! parsing routine that may allow arbitrary commands to be run. Because ! some UUCP commands are run as root (and daemon) from cron it is possible ! to leverage compromise of the UUCP user to gain root. !
! A source code patch exists which remedies the problem !
! !
014: SECURITY FIX: August 29, 2001
! A security hole exists in lpd(8) ! that may allow an attacker with line printer access to gain root ! privileges. A machine must be running lpd to be vulnerable (OpenBSD ! does not start lpd by default). Only machines with line printer ! access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) ! may be used to mount an attack. !
! A source code patch exists which remedies the problem !
! !
013: SECURITY FIX: August 21, 2001
! A security hole exists in sendmail(8) ! that may allow an attacker on the local host to gain root privileges by ! specifying out-of-bounds debug parameters. !
! A source code patch exists which remedies the problem !
! !
012: SECURITY FIX: July 30, 2001
! A kernel buffer overflow exists in the NFS mount code. An attacker may ! use this overflow to execute arbitrary code in kernel mode. However, ! only users with mount(2) ! privileges can initiate this attack. In default installs, only super-user has ! mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges. !
! A source code patch exists which remedies the problem !
! !
011: RELIABILITY FIX: July 15, 2001 !
! The ! packages(7) ! subsystem incorrectly accepts some package dependencies as okay (see ! packages-specs(7) ! for details). !
! A source code patch exists which remedies the problem, ! by forcing /usr/sbin/pkg to be more careful in checking ! version numbers. !
! !
008: RELIABILITY FIX: June 15, 2001 !
! twe(4) ! mishandles the DMA mapping resulting in a kernel panic on unaligned data ! transfers, induced by programs such as ! disklabel(8) ! and ! dump(8). !
! A source code patch exists which remedies the problem. ! This is the second version of the patch. !
! !
007: SECURITY FIX: June 15, 2001
! A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process. !
! A source code patch exists which remedies the problem. !
! !
006: SECURITY FIX: June 12, 2001
! sshd(8) ! allows users to delete arbitrary files named "cookies" if X11 ! forwarding is enabled. X11 forwarding is disabled by default. !
! A source code patch exists which remedies the problem. !
! !
005: RELIABILITY FIX: June 7, 2001
! pwd_mkdb(8) ! corrupts /etc/pwd.db when modifying an existing user. !
! A source code patch exists which remedies the problem. !
! !
004: RELIABILITY FIX: June 5, 2001
! isakmpd(8) ! will fail to use a certificate with an identity string that is ! exactly N * 8 bytes long. !
! A source code patch exists which remedies the problem. !
!
003: DOCUMENTATION FIX: June 1, 2001
! The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. ! In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the ! 3.3.6 Xservers have also been included, because 4.0.3 still has weak support for ! some devices which 3.3.6 supported better. !
! !
002: SECURITY FIX: May 30, 2001
! Programs using the fts(3) ! routines (such as rm, find, and most programs that take a -R ! flag) can be tricked into changing into the wrong directory if the ! parent dir is changed out from underneath it. This is similar to ! the old fts bug but happens when popping out of directories, as ! opposed to descending into them. !
! A source code patch exists which remedies the problem. ! This is the second version of the patch. !
! !
001: SECURITY FIX: May 29, 2001
! The signal handlers in sendmail(8) contain code that is unsafe in the ! context of a signal handler. This leads to potentially serious ! race conditions. At the moment this is a theoretical attack only ! and can only be exploited on the local host (if at all).
! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.

i386

010: RELIABILITY FIX: Jul 9, ! 2001
! The nVidia driver for XFree86 4.0.3 is incorrectly restoring the text ! mode palette upon exit of the X server. ! A source code patch exists which remedies the problem. ! To avoid rebuilding the whole XFree86 tree, an updated binary driver ! is also available ! here ! . Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and ! restart your X server. !
! !
009: RELIABILITY FIX: Jun 23, ! 2001
! The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing ! corrupted /etc/XF86Config files. ! ! A source code patch exists which remedies the problem by linking ! XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a. !
!
When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be ! necessary to disable the "USB Keyboard Support" and ! "USB Mouse Support" options in the BIOS. Otherwise, the i8042 ! keyboard controller doesn't acknowledge commands, confusing OpenBSD.

--- 47,59 ----

All architectures

No problems identified yet.

i386

No problems identified yet.

*************** *** 219,232 ****

No problems identified yet.

! !

amiga

No problems identified yet.

! !

pmax

No problems identified yet.

--- 74,87 ----

No problems identified yet.

! !

sparc64

No problems identified yet.

! !

amiga

No problems identified yet.

*************** *** 243,250 ****

No problems identified yet.

! !

powerpc

No problems identified yet.

--- 98,105 ----

No problems identified yet.

! !

macppc

No problems identified yet.

*************** *** 254,265 ****

No problems identified yet.

- -

sun3

No problems identified yet. -

--- 109,114 ---- *************** *** 274,284 **** For 2.6 errata, please refer here.
For 2.7 errata, please refer here.
For 2.8 errata, please refer here.

www@openbsd.org !
$OpenBSD: errata.html,v 1.354 2001/09/12 13:52:39 millert Exp $ --- 123,134 ---- For 2.6 errata, please refer here.
For 2.7 errata, please refer here.
For 2.8 errata, please refer here.
+ For 2.9 errata, please refer here.

www@openbsd.org !
$OpenBSD: errata.html,v 1.355 2001/10/22 22:09:53 deraadt Exp $