The patches below are available in CVS via the
! OPENBSD_3_6patch branch.
For more detailed information on how to install patches to OpenBSD, please
***************
*** 56,283 ****
All architectures
-
- 020: SECURITY FIX: September 20, 2004
- Eilko Bos reported that radius authentication, as implemented by
- login_radius(8),
- was not checking the shared secret used for replies sent by the radius server.
- This could allow an attacker to spoof a reply granting access to the
- attacker. Note that OpenBSD does not ship with radius authentication enabled.
-
-
- A source code patch exists which remedies this problem.
-
-
- 019: SECURITY FIX: September 16, 2004
- Chris Evans reported several flaws (stack and integer overflows) in the
- Xpm
- library code that parses image files
- (CAN-2004-0687,
- CAN-2004-0688).
- Some of these would be exploitable when parsing malicious image files in
- an application that handles XPM images, if they could escape ProPolice.
-
-
- A source code patch exists which remedies this problem.
-
-
- 018: SECURITY FIX: September 10, 2004
- httpd(8)
- 's mod_rewrite module can be made to write one zero byte in an arbitrary memory
- position outside of a char array, causing a DoS or possibly buffer overflows.
- This would require enabling dbm for mod_rewrite and making use of a malicious
- dbm file.
-
-
- A source code patch exists which remedies this problem.
-
- 014: RELIABILITY FIX: July 25, 2004
- Under a certain network load the kernel can run out of stack space. This was
- encountered in an environment using CARP on a VLAN interface. This issue initially
- manifested itself as a FPU related crash on boot up.
-
-
- A source code patch exists which remedies this problem.
-
- 011: SECURITY FIX: June 9, 2004
- Multiple remote vulnerabilities have been found in the
- cvs(1)
- server that allow an attacker to crash the server or possibly execute arbitrary
- code with the same privileges as the CVS server program.
-
-
- A source code patch exists which remedies this problem.
-
-
- 010: RELIABILITY FIX: June 9, 2004
- A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
- non-blocking mode for writing when there are no processes reading the FIFO.
- One program affected by this is the qmail
- mail server which could go into an infinite loop and consume all CPU.
-
-
- A source code patch exists which remedies this problem.
-
-
- 009: SECURITY FIX: May 30,
- 2004
- A flaw in the Kerberos V kdc(8)
- server could result in the administrator of a Kerberos realm having
- the ability to impersonate any principal in any other realm which
- has established a cross-realm trust with their realm. The flaw is due to
- inadequate checking of the "transited" field in a Kerberos request. For
- more details see
- Heimdal's announcement.
-
-
- A source code patch exists which remedies this problem.
-
-
- 008: SECURITY FIX: May 26,
- 2004
- With the introduction of IPv6 code in
- xdm(1),
- one test on the 'requestPort' resource was deleted by accident. This
- makes xdm create the chooser socket even if xdmcp is disabled in
- xdm-config, by setting requestPort to 0. See
- XFree86
- bugzilla for details.
-
-
- A source code patch exists which remedies this problem.
-
-
- 007: SECURITY FIX: May 20,
- 2004
- A heap overflow in the
- cvs(1)
- server has been discovered that can be exploited by clients sending
- malformed requests, enabling these clients to run arbitrary code
- with the same privileges as the CVS server program.
-
-
- A source code patch exists which remedies this problem.
-
- 002: SECURITY FIX: May 5,
- 2004
- Pathname validation problems have been found in
- cvs(1),
- allowing malicious clients to create files outside the repository, allowing
- malicious servers to overwrite files outside the local CVS tree on
- the client and allowing clients to check out files outside the CVS
- repository.
-
-
- A source code patch exists which remedies this problem.
-
-
-
-
-
i386
-
No problems identified yet.
alpha
--- 57,65 ----
All architectures
No problems identified yet.
+
alpha
***************
*** 297,332 ****
No problems identified yet.
!
!
mac68k
No problems identified yet.
!
!
sparc
No problems identified yet.
!
!
sparc64
No problems identified yet.
!
!
hppa
No problems identified yet.
!
!
hp300
No problems identified yet.
mvme68k
--- 79,120 ----
No problems identified yet.
!
!
hp300
No problems identified yet.
!
!
hppa
No problems identified yet.
!
!
i386
No problems identified yet.
!
!
luna88k
No problems identified yet.
!
!
mac68k
No problems identified yet.
+
+
macppc
+
+
No problems identified yet.
+
+
mvme68k
***************
*** 339,353 ****
No problems identified yet.
!
!
macppc
!
! 001: BROKEN PACKAGE ON CD: May 4, 2004
! The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt,
! and will not extract.
! A replacement package can be found on the ftp sites.