===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.92
retrieving revision 1.93
diff -c -r1.92 -r1.93
*** www/errata.html 1998/04/22 14:55:30 1.92
--- www/errata.html 1998/04/23 14:28:13 1.93
***************
*** 14,299 ****
! This is the OpenBSD 2.2 release errata & patch list:
All architectures
!
! - SECURITY FIX
! An exploitable buffer mismanagement exists in a subroutine used by
! lprm and lpd. The problem is exploitable by users on a particular
! machine if there is an entry in /etc/printcap which
! points at a remote printer.
!
! A patch is available which corrects this behaviour.
-
-
- SECURITY FIX
- A DNS-based vulnerability exists when uucpd is used. By default uucpd
- is not enabled in the OpenBSD releases, but some sites may have enabled it.
-
- A patch is available which corrects this behaviour.
-
-
-
- SECURITY FIX
- A vulnerability exists when (and only when) /etc/named.conf has the
- fake-iquery option enabled.
-
- A patch is available which corrects this behaviour.
-
-
-
- SECURITY FIX
- A vulnerability exists in ping(8); if the -R option is used to record
- routes, an attacker can spoof a reply packet that will overflow inside
- ping. Preliminary investigation makes it look the worst attack
- possible is to make ping crash, but one never knows...
-
- A patch is available which corrects this behaviour.
-
-
-
- SECURITY FIX
- If the sysctl variable net.inet.ip.forwarding is
- enabled (value 1), but the variable net.inet.ip.sourceroute
- is disabled (value 0), the kernel will block source routed packets from
- going through, but will still accept source routing packets destined for
- itself. Our fix changes the net.inet.ip.sourceroute
- variable semantics to mean that all source routed packets should
- be blocked completely.
-
- A kernel patch is provided.
-
-
-
- SECURITY FIX
- A combination localhost+remote host security problem exists if a
- local user running a setuid binary causes a non-existant root .rhosts
- file to be created via a symbolic link with a specific kind of corefile,
- and then subsequently uses rsh/rlogin to enter the machine from remote.
- A similar exploit might also be possible using sshd which lacks any code
- for checking for deviations from the expected format in the .rhosts or
- .shosts files, but we have not confirmed this yet. The following two
- fixes are recommended:
-
-
-
- If the
- first patch is used to stop setuid coredumps, then the second patch is
- not as important.
- This problem is fixed much better in OpenBSD-current, where the kernel's
- symbolic link handling has been improved such that coredumping will not
- create a file on the other side of a symbolic link. Such a patch is not
- possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
- The problem with the ruserok() function appears to also exist in
- ssh 1.2.21 and previous (the ssh people have been alerted).
-
-
-
- SECURITY FIX
- A bug in the vm system permits a file descriptor opened read-only on a
- device, to later on be mmap(2)'d read-write, and then modified. This
- does not result in a security hole by itself, but it does violate the
- safety semantics which securelevels are supposed to provide. If a user
- manages to gain kmem group permissions, using this problem they can then
- gain root trivially and/or turn securelevels off.
-
- A kernel patch is available which corrects this behaviour (this is
- revision 3 of this patch).
-
-
- BUILD PROCESS FIX
- Building an object tree from a read-only source tree (such as off a CDROM)
- may fail under certain circumstances (e.g. when creating a symlink on sparc
- whose target name is exactly 33 characters). As a workaround you have to
- either provide the source tree read/write, or install a newer version of
- /usr/bin/readlink.
-
- A replacement source file exists.
-
-
-
- SECURITY FIX
- If a line in /etc/exports which contains hostnames results in an empty
- list because none of the supplied hostnames is known, mountd(8) will
- accidentally export the filesystem to the world.
-
- A patch is available which corrects this behaviour.
-
-
- RELIABILITY FIX
- Setting the MSG_EOR flag on a tcp packet in the send(2) family of
- system calls could cause a kernel panic.
-
- A patch to return EINVAL in this case is available.
-
-
i386
!
! - RELIABILITY FIX
! The Intel P5 F00F bug was discovered after the CDR's had already been
! sent to the manufacturer. This problem permits any user who has an account
! to lock your machine up using a 4-line program. The problem only affects
! Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable,
! nor are processors by other manufacturers).
!
! A kernel source-code patch is available.
-
- FUNCTIONALITY FIX
- Some Linux binaries will execute in SVR4 emulation mode, which is
- definately a problem for people who need Linux emulation to work correctly.
- To solve this mis-identification problem,
-
- a patch file is provided.
-
-
- RELIABILITY FIX
- APM can crash on machines without it.
-
- A kernel source-code patch is available.
-
-
- INSTALLATION PROCESS FLAW
- A few people are running into this problem, particularily if they had some
- other *BSD operating system on their machine before trying OpenBSD: if after
- installation onto an IDE-based machine, the kernel fails to mount the root
- partition because it thinks that it should be opening sd0 (0x400), this means
- you have incorrectly setup your disklabel for the IDE drive -- the disklabel
- is indicating that the drive is SCSI.
- To repair this, use the floppy to run "disklabel -E wd0", then using the
- "edit" command ensure the type field is set to "ST506".
-
mac68k
! - NEW SOFTWARE
! Unfortunately, X11 binaries for the mac68k did not manage to make it onto the
! CDROM. However, X11 for the mac68k is immediately available from
!
! ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please
! be sure to read the README file also in that directory for instructions on installing
! and setting up X.
-
- INSTALLATION PROCESS FLAW
- As shipped on the CDROM, both the
-
- generic kernel
- and the
-
- genericsbc kernel
- extract themselves into the wrong place in the filesystem.
- Both should extract a kernel named /bsd, but they extract
- the kernel into /usr/src/sys/arch/mac68k/compile instead.
-
- This has been fixed on the ftp release of OpenBSD 2.2, and
- fresh kernels are available from
- ftp://ftp.OpenBSD.ORG/pub/OpenBSD/2.2/mac68k/. If at all possible,
- installing these kernels is recommended.
-
- A number of possible workarounds exist if you don't have easy access to ftp
- the updated kernels. The simplest of these is to use a
- MacOS program to uncompress and untar the kernel aad use the Installer's
- mini-shell to "cpin" the kernel. Alternately, you could install the kernel
- with the Installer and use the mini-shell to move the binary from /usr/src/... to /bsd.
-
sparc
! - RELIABILITY FIX
! Older 4/xxx systems (particularily the 4/300's) cannot boot
! with the 2.2 kernel due to bugs in the scsi device driver.
!
! A kernel source patch is available.
! Replacement kernels are available for:
! bsd,
! bsd.scsi3,
! and a replacement for bsd.rd is coming soon.
-
-
- RELIABILITY FIX
- SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when
- using a custom kernel configured for option sun4m only.
-
- A workaround (kernel source patch) is available. Apply the patch and
- then re-build your kernel.
-
amiga
-
! - FUNCTIONALITY FIX
! Missing Xamiga manual pages. Get
!
! this package and execute, as root:
! # pkg_add Xamiga-manual.tgz
! The MD5 checksum of this package is:
! MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031
!
- FUNCTIONALITY FIX
! The Ariadne ethernet support was broken, there will be both binary and
! source level fixes available shortly. If you are in a hurry mail
! Niklas for a test kernel.
pmax
! - FUNCTIONALITY FIX
! There is a Year-1998 problem in the time-setting code (which causes the
! date and time to be set incorrectly after a reboot in 1998).
!
! A source code patch file is available plus replacement installation
! kernels for the 2.2 release at
! bsd.NFS,
! bsd,
! bsd.rz0.
-
- FUNCTIONALITY FIX
- X11 support for the 3min and 3maxplus machines was broken
- due to a kernel bug.
-
- A source code patch is available.
-
-
-
- SECURITY FIX
- A security problem in the shared library linker ld.so
- requires that you replace it with a new binary. The following binary
- will work on both pmax and arc machines.
-
- The replacement binary is here.
-
arc
! - SECURITY FIX
! A security problem in the shared library linker ld.so requires
! that you replace it with a new binary. The following binary
! will work on both pmax and arc machines.
!
! The replacement binary is here.
alpha
-
! - MISSING FUNCTIONALITY
! Network Address Translation and other parts of IP Filtering to not work
! on the alpha. This will be fixed in the 2.3 release, and perhaps earlier
! in a snapshot. There is no patch for 2.2.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
--- 14,79 ----
! This is the OpenBSD 2.3 release errata & patch list:
All architectures
! - No problems identified yet.
i386
! - No problems identified yet.
mac68k
! - No problems identified yet.
sparc
! - No problems identified yet.
+
amiga
! - No problems identified yet.
!
pmax
! - No problems identified yet.
arc
! - No problems identified yet.
+
alpha
! - No problems identified yet.
+
hp300
- No problems identified yet.
+
mvme68k
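Review bot: The old side of this hunk (*** 14,299 ****) drops every OpenBSD 2.2 entry from errata.html, including the SECURITY FIX items for lprm/lpd, uucpd, named fake-iquery, ping -R, net.inet.ip.sourceroute, the setuid coredump/.rhosts problem, the mmap securelevel bug, mountd and ld.so. The new side (--- 14,79 ----) holds only "No problems identified yet." lines and, in the text visible here, no pointer to where the 2.2 list now lives. Machines still running 2.2 depend on those patch references, so confirm that the 2.2 list is preserved on its own page as part of the same change. Also add a line next to "This is the OpenBSD 2.3 release errata & patch list:" that links to it, so the published security fixes stay reachable from the current errata page.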