version 1.354, 2001/09/12 13:52:39 |
version 1.355, 2001/10/22 22:09:53 |
|
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN"> |
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN"> |
<html> |
<html> |
<head> |
<head> |
<title>OpenBSD 2.9 errata</title> |
<title>OpenBSD 3.0 errata</title> |
<link rev=made href=mailto:www@openbsd.org> |
<link rev=made href=mailto:www@openbsd.org> |
<meta name="resource-type" content="document"> |
<meta name="resource-type" content="document"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
|
|
|
|
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<h2><font color=#0000e0> |
<h2><font color=#0000e0> |
This is the OpenBSD 2.9 release errata & patch list: |
This is the OpenBSD 3.0 release errata & patch list: |
|
|
</font></h2> |
</font></h2> |
|
|
|
|
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br> |
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br> |
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br> |
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br> |
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br> |
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br> |
|
<a href=errata29.html>For 2.9 errata, please refer here</a>.<br> |
<hr> |
<hr> |
|
|
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz> |
|
|
This file is updated once a day. |
This file is updated once a day. |
|
|
<p> The patches below are available in CVS via the |
<p> The patches below are available in CVS via the |
<code>OPENBSD_2_9</code> <a href="stable.html">patch branch</a>. |
<code>OPENBSD_3_0</code> <a href="stable.html">patch branch</a>. |
|
|
<p> |
<p> |
For more detailed information on install patches to OpenBSD, please |
For more detailed information on install patches to OpenBSD, please |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
<a name=uucp> |
<li>No problems identified yet. |
<li><font color=#009000><strong>015: SECURITY FIX: September 11, 2001</strong></font><br> |
|
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a> |
|
that may allow an attacker to run arbitrary commands as user uucp and |
|
use this to gain root access. |
|
The UUCP execution daemon, uuxqt(8), has a bug in its command line |
|
parsing routine that may allow arbitrary commands to be run. Because |
|
some UUCP commands are run as root (and daemon) from cron it is possible |
|
to leverage compromise of the UUCP user to gain root. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch">A source code patch exists which remedies the problem</a> |
|
<p> |
|
<a name=lpd> |
|
<li><font color=#009000><strong>014: SECURITY FIX: August 29, 2001</strong></font><br> |
|
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> |
|
that may allow an attacker with line printer access to gain root |
|
privileges. A machine must be running lpd to be vulnerable (OpenBSD |
|
does not start lpd by default). Only machines with line printer |
|
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) |
|
may be used to mount an attack. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch">A source code patch exists which remedies the problem</a> |
|
<p> |
|
<a name=sendmail2> |
|
<li><font color=#009000><strong>013: SECURITY FIX: August 21, 2001</strong></font><br> |
|
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
|
that may allow an attacker on the local host to gain root privileges by |
|
specifying out-of-bounds debug parameters. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch">A source code patch exists which remedies the problem</a> |
|
<p> |
|
<a name=nfs> |
|
<li><font color=#009000><strong>012: SECURITY FIX: July 30, 2001</strong></font><br> |
|
A kernel buffer overflow exists in the NFS mount code. An attacker may |
|
use this overflow to execute arbitrary code in kernel mode. However, |
|
only users with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=2">mount(2)</a> |
|
privileges can initiate this attack. In default installs, only super-user has |
|
mount privileges. The kern.usermount <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch">A source code patch exists which remedies the problem</a> |
|
<p> |
|
<a name=pkg></a> |
|
<li><font color=#009000><strong>011: RELIABILITY FIX: July 15, 2001</strong></font> |
|
<br> |
|
The |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages&sektion=7&format=html">packages(7)</a> |
|
subsystem incorrectly accepts some package dependencies as okay (see |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages-specs&sektion=7&format=html">packages-specs(7)</a> |
|
for details). |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch">A source code patch exists which remedies the problem</a>, |
|
by forcing <code>/usr/sbin/pkg</code> to be more careful in checking |
|
version numbers. |
|
<p> |
|
<a name=twe></a> |
|
<li><font color=#009000><strong>008: RELIABILITY FIX: June 15, 2001</strong></font> |
|
<br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a> |
|
mishandles the DMA mapping resulting in a kernel panic on unaligned data |
|
transfers, induced by programs such as |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8&format=html">disklabel(8)</a> |
|
and |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&sektion=8&format=html">dump(8)</a>. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch">A source code patch exists which remedies the problem</a>. |
|
This is the second version of the patch. |
|
<p> |
|
<a name=kernexec></a> |
|
<li><font color=#009000><strong>007: SECURITY FIX: June 15, 2001</strong></font><br> |
|
A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch">A source code patch exists which remedies the problem</a>. |
|
<p> |
|
<a name=sshcookie></a> |
|
<li><font color=#009000><strong>006: SECURITY FIX: June 12, 2001</strong></font><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a> |
|
allows users to delete arbitrary files named "cookies" if X11 |
|
forwarding is enabled. X11 forwarding is disabled by default. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch">A source code patch exists which remedies the problem</a>. |
|
<p> |
|
<a name=pwd_mkdb></a> |
|
<li><font color=#009000><strong>005: RELIABILITY FIX: June 7, 2001</strong></font><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
|
corrupts /etc/pwd.db when modifying an existing user. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch">A source code patch exists which remedies the problem</a>. |
|
<p> |
|
<a name=isakmpd></a> |
|
<li><font color=#009000><strong>004: RELIABILITY FIX: June 5, 2001</strong></font><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a> |
|
will fail to use a certificate with an identity string that is |
|
exactly N * 8 bytes long. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch">A source code patch exists which remedies the problem</a>. |
|
<p> |
|
<li><font color=#009000><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font><br> |
|
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. |
|
In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the |
|
3.3.6 Xservers have also been included, because 4.0.3 still has weak support for |
|
some devices which 3.3.6 supported better. |
|
<p> |
|
<a name=fts></a> |
|
<li><font color=#009000><strong>002: SECURITY FIX: May 30, 2001</strong></font><br> |
|
Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a> |
|
routines (such as rm, find, and most programs that take a <b>-R</b> |
|
flag) can be tricked into changing into the wrong directory if the |
|
parent dir is changed out from underneath it. This is similar to |
|
the old fts bug but happens when popping out of directories, as |
|
opposed to descending into them. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/002_fts.patch">A source code patch exists which remedies the problem</a>. |
|
This is the second version of the patch. |
|
<p> |
|
<a name=sendmail></a> |
|
<li><font color=#009000><strong>001: SECURITY FIX: May 29, 2001</strong></font><br> |
|
The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |
|
context of a signal handler. This leads to potentially serious |
|
race conditions. At the moment this is a theoretical attack only |
|
and can only be exploited on the local host (if at all).<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/001_sendmail.patch">A source code patch exists</a> which remedies the problem by updating sendmail to version 8.11.4. |
|
</ul> |
</ul> |
<p> |
<p> |
<a name=i386></a> |
<a name=i386></a> |
<li><h3><font color=#e00000>i386</font></h3> |
<li><h3><font color=#e00000>i386</font></h3> |
<ul> |
<ul> |
<a name=nvidia></a> |
<li>No problems identified yet. |
<li><font color=#009000><strong>010: RELIABILITY FIX: Jul 9, |
|
2001</strong></font></br> |
|
The nVidia driver for XFree86 4.0.3 is incorrectly restoring the text |
|
mode palette upon exit of the X server. <a |
|
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch"> |
|
A source code patch exists</a> which remedies the problem. |
|
To avoid rebuilding the whole XFree86 tree, an updated binary driver |
|
is also available |
|
<a |
|
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/nv_drv.o">here |
|
</a>. Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and |
|
restart your X server. |
|
<p> |
|
<a name=XF86Setup></a> |
|
<li><font color=#009000><strong>009: RELIABILITY FIX: Jun 23, |
|
2001</strong></font><br> |
|
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
|
corrupted /etc/XF86Config files. |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/009_XF86Setup.patch"> |
|
A source code patch exists</a> which remedies the problem by linking |
|
XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a. |
|
<p> |
|
<li>When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be |
|
necessary to disable the "USB Keyboard Support" and |
|
"USB Mouse Support" options in the BIOS. Otherwise, the i8042 |
|
keyboard controller doesn't acknowledge commands, confusing OpenBSD. |
|
</ul> |
</ul> |
<p> |
<p> |
<a name=alpha></a> |
<a name=alpha></a> |
|
|
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
<p> |
<p> |
<a name=amiga></a> |
<a name=sparc64></a> |
<li><h3><font color=#e00000>amiga</font></h3> |
<li><h3><font color=#e00000>sparc64</font></h3> |
<ul> |
<ul> |
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
<p> |
<p> |
<a name=pmax></a> |
<a name=amiga></a> |
<li><h3><font color=#e00000>pmax</font></h3> |
<li><h3><font color=#e00000>amiga</font></h3> |
<ul> |
<ul> |
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
|
|
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
<p> |
<p> |
<a name=powerpc></a> |
<a name=macppc></a> |
<li><h3><font color=#e00000>powerpc</font></h3> |
<li><h3><font color=#e00000>macppc</font></h3> |
<ul> |
<ul> |
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
|
|
<ul> |
<ul> |
<li>No problems identified yet. |
<li>No problems identified yet. |
</ul> |
</ul> |
<p> |
|
<a name=sun3></a> |
|
<li><h3><font color=#e00000>sun3</font></h3> |
|
<ul> |
|
<li>No problems identified yet. |
|
</ul> |
|
|
|
</dl> |
</dl> |
<br> |
<br> |
|
|
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br> |
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br> |
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br> |
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br> |
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br> |
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br> |
|
<a href=errata29.html>For 2.9 errata, please refer here</a>.<br> |
<hr> |
<hr> |
|
|
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |