OpenBSD 3.5 errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.511 retrieving revision 1.512 diff -c -r1.511 -r1.512 *** www/errata.html 2004/09/21 16:32:37 1.511 --- www/errata.html 2004/10/29 17:22:16 1.512 *************** *** 1,7 **** ! OpenBSD 3.5 errata --- 1,7 ---- ! OpenBSD 3.6 errata *************** *** 15,21 ****

! This is the OpenBSD 3.5 release errata & patch list:

--- 15,21 ----

! This is the OpenBSD 3.6 release errata & patch list:

*************** *** 37,52 **** 3.1, 3.2, 3.3, ! 3.4.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

The patches below are available in CVS via the ! OPENBSD_3_5 patch branch.

For more detailed information on how to install patches to OpenBSD, please --- 37,53 ---- 3.1, 3.2, 3.3, ! 3.4, ! 3.5.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

The patches below are available in CVS via the ! OPENBSD_3_6 patch branch.

For more detailed information on how to install patches to OpenBSD, please *************** *** 56,283 ****

All architectures

- 020: SECURITY FIX: September 20, 2004
- Eilko Bos reported that radius authentication, as implemented by - login_radius(8), - was not checking the shared secret used for replies sent by the radius server. - This could allow an attacker to spoof a reply granting access to the - attacker. Note that OpenBSD does not ship with radius authentication enabled. -
- - A source code patch exists which remedies this problem.
-
-
- 019: SECURITY FIX: September 16, 2004
- Chris Evans reported several flaws (stack and integer overflows) in the - Xpm - library code that parses image files - (CAN-2004-0687, - CAN-2004-0688). - Some of these would be exploitable when parsing malicious image files in - an application that handles XPM images, if they could escape ProPolice. -
- - A source code patch exists which remedies this problem.
-
-
- 018: SECURITY FIX: September 10, 2004
- httpd(8) - 's mod_rewrite module can be made to write one zero byte in an arbitrary memory - position outside of a char array, causing a DoS or possibly buffer overflows. - This would require enabling dbm for mod_rewrite and making use of a malicious - dbm file. -
- - A source code patch exists which remedies this problem.
-
-
- 017: RELIABILITY FIX: August 29, 2004
- Due to incorrect error handling in zlib an attacker could potentially cause a Denial - of Service attack. - CAN-2004-0797 - . -
- - A source code patch exists which remedies this problem.
-
-
- 016: RELIABILITY FIX: August 26, 2004
- As - reported - by Vafa Izadinia - bridge(4) - with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge. -
- - A source code patch exists which remedies this problem.
-
-
- 015: RELIABILITY FIX: August 25, 2004
- Improved verification of ICMP errors in order to minimize the impact of ICMP attacks - against TCP. -
- http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt -
- - A source code patch exists which remedies this problem.
-
-
- 014: RELIABILITY FIX: July 25, 2004
- Under a certain network load the kernel can run out of stack space. This was - encountered in an environment using CARP on a VLAN interface. This issue initially - manifested itself as a FPU related crash on boot up. -
- - A source code patch exists which remedies this problem.
-
-
- 013: SECURITY FIX: June 12, 2004
- Multiple vulnerabilities have been found in - httpd(8) - / mod_ssl. - CAN-2003-0020, - CAN-2003-0987, - CAN-2004-0488, - CAN-2004-0492. -
- - A source code patch exists which remedies this problem.
-
-
- 012: SECURITY FIX: June 10, 2004
- As - disclosed - by Thomas Walpuski - isakmpd(8) - is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec - tunnels at will. -
- - A source code patch exists which remedies this problem.
-
-
- 011: SECURITY FIX: June 9, 2004
- Multiple remote vulnerabilities have been found in the - cvs(1) - server that allow an attacker to crash the server or possibly execute arbitrary - code with the same privileges as the CVS server program. -
- - A source code patch exists which remedies this problem.
-
-
- 010: RELIABILITY FIX: June 9, 2004
- A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in - non-blocking mode for writing when there are no processes reading the FIFO. - One program affected by this is the qmail - mail server which could go into an infinite loop and consume all CPU. -
- - A source code patch exists which remedies this problem.
-
-
- 009: SECURITY FIX: May 30, - 2004
- A flaw in the Kerberos V kdc(8) - server could result in the administrator of a Kerberos realm having - the ability to impersonate any principal in any other realm which - has established a cross-realm trust with their realm. The flaw is due to - inadequate checking of the "transited" field in a Kerberos request. For - more details see - Heimdal's announcement. -
- - A source code patch exists which remedies this problem.
-
-
- 008: SECURITY FIX: May 26, - 2004
- With the introduction of IPv6 code in - xdm(1), - one test on the 'requestPort' resource was deleted by accident. This - makes xdm create the chooser socket even if xdmcp is disabled in - xdm-config, by setting requestPort to 0. See - XFree86 - bugzilla for details. -
- - A source code patch exists which remedies this problem.
-
-
- 007: SECURITY FIX: May 20, - 2004
- A heap overflow in the - cvs(1) - server has been discovered that can be exploited by clients sending - malformed requests, enabling these clients to run arbitrary code - with the same privileges as the CVS server program. -
- - A source code patch exists which remedies this problem.
-
-
- 006: SECURITY FIX: May 13, - 2004
- Check for integer overflow in procfs. Use of procfs is not recommended. -
- - A source code patch exists which remedies this problem.
-
-
- 005: RELIABILITY FIX: May 6, - 2004
- Reply to in-window SYN with a rate-limited ACK. -
- - A source code patch exists which remedies this problem.
-
-
- 004: RELIABILITY FIX: May 5, - 2004
- Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. - siop(4), - trm(4), - iha(4) - ). -
- - A source code patch exists which remedies this problem.
-
-
- 003: RELIABILITY FIX: May 5, - 2004
- Under load "recent model" - gdt(4) - controllers will lock up. -
- - A source code patch exists which remedies this problem.
-
-
- 002: SECURITY FIX: May 5, - 2004
- Pathname validation problems have been found in - cvs(1), - allowing malicious clients to create files outside the repository, allowing - malicious servers to overwrite files outside the local CVS tree on - the client and allowing clients to check out files outside the CVS - repository. -
- - A source code patch exists which remedies this problem.
-
-

- -

i386

No problems identified yet.

alpha

--- 57,65 ----

All architectures

No problems identified yet.

alpha

*************** *** 297,332 ****

No problems identified yet.

! !

mac68k

No problems identified yet.

! !

sparc

No problems identified yet.

! !

sparc64

No problems identified yet.

! !

hppa

No problems identified yet.

! !

hp300

No problems identified yet.

mvme68k

No problems identified yet.

! !

hp300

No problems identified yet.

! !

hppa

No problems identified yet.

! !

i386

No problems identified yet.

! !

luna88k

No problems identified yet.

! !

mac68k

No problems identified yet.

+ +

macppc

No problems identified yet. +

mvme68k

No problems identified yet.

! !

macppc

! 001: BROKEN PACKAGE ON CD: May 4, 2004
! The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt, ! and will not extract. ! A replacement package can be found on the ftp sites.

--- 127,142 ----

No problems identified yet.

! !

sparc

No problems identified yet. !

+ +

sparc64

No problems identified yet.

*************** *** 376,388 **** 3.1, 3.2, 3.3, ! 3.4.

www@openbsd.org !
$OpenBSD: errata.html,v 1.511 2004/09/21 16:32:37 millert Exp $ --- 165,178 ---- 3.1, 3.2, 3.3, ! 3.4, ! 3.5.

www@openbsd.org !
$OpenBSD: errata.html,v 1.512 2004/10/29 17:22:16 miod Exp $