www/errata.html - diff

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.511 and 1.512

-version 1.511, 2004/09/21 16:32:37
+version 1.512, 2004/10/29 17:22:16
 Line 1
 Line 1
 Line 1
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
  <head>
- <title>OpenBSD 3.5 errata</title>
+ <title>OpenBSD 3.6 errata</title>
  <link rev=made href="mailto:www@openbsd.org">
  <meta name="resource-type" content="document">
  <meta name="description" content="the OpenBSD CD errata page">
 Line 15
 Line 15
 Line 15
  <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
  <h2><font color="#0000e0">
- This is the OpenBSD 3.5 release errata &amp; patch list:
+ This is the OpenBSD 3.6 release errata &amp; patch list:
  </font></h2>
 Line 37
 Line 37
 Line 37
  <a href="errata31.html">3.1</a>,
  <a href="errata32.html">3.2</a>,
  <a href="errata33.html">3.3</a>,
- <a href="errata34.html">3.4</a>.
+ <a href="errata34.html">3.4</a>,
+ <a href="errata35.html">3.5</a>.
  <br>
  <hr>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz">
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6.tar.gz">
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
  <p> The patches below are available in CVS via the
- <code>OPENBSD_3_5</code> <a href="stable.html">patch branch</a>.
+ <code>OPENBSD_3_6</code> <a href="stable.html">patch branch</a>.
  <p>
  For more detailed information on how to install patches to OpenBSD, please
-Line 56
+Line 57
 Line 56
 Line 57
  <a name="all"></a>
  <h3><font color="#e00000">All architectures</font></h3>
  <ul>
- <li><a name="radius"></a>
- <font color="#009000"><strong>020: SECURITY FIX: September 20, 2004</strong></font><br>
- Eilko Bos reported that radius authentication, as implemented by
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_radius&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">login_radius(8)</a>,
- was not checking the shared secret used for replies sent by the radius server.
- This could allow an attacker to spoof a reply granting access to the
- attacker.  Note that OpenBSD does not ship with radius authentication enabled.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="xpm"></a>
- <font color="#009000"><strong>019: SECURITY FIX: September 16, 2004</strong></font><br>
- Chris Evans reported several flaws (stack and integer overflows) in the
- <a href="http://www.inria.fr/koala/lehors/xpm.html">Xpm</a>
- library code that parses image files
- (<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687</a>,
- <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688">CAN-2004-0688</a>).
- Some of these would be exploitable when parsing malicious image files in
- an application that handles XPM images, if they could escape ProPolice.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="httpd2"></a>
- <font color="#009000"><strong>018: SECURITY FIX: September 10, 2004</strong></font><br>
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
- 's mod_rewrite module can be made to write one zero byte in an arbitrary memory
- position outside of a char array, causing a DoS or possibly buffer overflows.
- This would require enabling dbm for mod_rewrite and making use of a malicious
- dbm file.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="libz"></a>
- <font color="#009000"><strong>017: RELIABILITY FIX: August 29, 2004</strong></font><br>
- Due to incorrect error handling in zlib an attacker could potentially cause a Denial
- of Service attack.
- <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a>
- .
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="bridge"></a>
- <font color="#009000"><strong>016: RELIABILITY FIX: August 26, 2004</strong></font><br>
- As
- <a href="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=109345131508824&amp;w=2">reported</a>
- by Vafa Izadinia
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">bridge(4)</a>
- with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="icmp"></a>
- <font color="#009000"><strong>015: RELIABILITY FIX: August 25, 2004</strong></font><br>
- Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
- against TCP.
- <br>
- <a href="http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt">http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt</a>
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="rnd"></a>
- <font color="#009000"><strong>014: RELIABILITY FIX: July 25, 2004</strong></font><br>
- Under a certain network load the kernel can run out of stack space.  This was
- encountered in an environment using CARP on a VLAN interface.  This issue initially
- manifested itself as a FPU related crash on boot up.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="httpd"></a>
- <font color="#009000"><strong>013: SECURITY FIX: June 12, 2004</strong></font><br>
- Multiple vulnerabilities have been found in
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
- / mod_ssl.
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>,
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</a>,
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>,
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="isakmpd"></a>
- <font color="#009000"><strong>012: SECURITY FIX: June 10, 2004</strong></font><br>
- As
- <a href="http://seclists.org/lists/fulldisclosure/2004/Jun/0191.html">disclosed</a>
- by Thomas Walpuski
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">isakmpd(8)</a>
- is still vulnerable to unauthorized SA deletion.  An attacker can delete IPsec
- tunnels at will.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="cvs3"></a>
- <font color="#009000"><strong>011: SECURITY FIX: June 9, 2004</strong></font><br>
- Multiple remote vulnerabilities have been found in the
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
- server that allow an attacker to crash the server or possibly execute arbitrary
- code with the same privileges as the CVS server program.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="fifofs"></a>
- <font color="#009000"><strong>010: RELIABILITY FIX: June 9, 2004</strong></font><br>
- A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
- non-blocking mode for writing when there are no processes reading the FIFO.
- One program affected by this is the <a href="http://www.qmail.org/">qmail</a>
- mail server which could go into an infinite loop and consume all CPU.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="kerberos"></a>
- <font color="#00900"><strong>009: SECURITY FIX: May 30,
-</strong></font><br>
- A flaw in the Kerberos V <a
- href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a>
- server could result in the administrator of a Kerberos realm having
- the ability to impersonate any principal in any other realm which
- has established a cross-realm trust with their realm. The flaw is due to
- inadequate checking of the "transited" field in a Kerberos request. For
- more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">
- Heimdal's announcement</a>.
- <br>
- <a
- href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="xdm"></a>
- <font color="#00900"><strong>008: SECURITY FIX: May 26,
-</strong></font><br>
- With the introduction of IPv6 code in
- <a
- href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&amp;apropos=0&amp;sektion=0&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">xdm(1)</a>,
- one test on the 'requestPort' resource was deleted by accident. This
- makes xdm create the chooser socket even if xdmcp is disabled in
- xdm-config, by setting requestPort to 0. See
- <a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86
- bugzilla</a> for details.
- <br>
- <a
- href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="cvs2"></a>
- <font color="#009000"><strong>007: SECURITY FIX: May 20,
-</strong></font><br>
- A heap overflow in the
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
- server has been discovered that can be exploited by clients sending
- malformed requests, enabling these clients to run arbitrary code
- with the same privileges as the CVS server program.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="procfs"></a>
- <font color="#009000"><strong>006: SECURITY FIX: May 13,
-</strong></font><br>
- Check for integer overflow in procfs.  Use of procfs is not recommended.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="tcp"></a>
- <font color="#009000"><strong>005: RELIABILITY FIX: May 6,
-</strong></font><br>
- Reply to in-window SYN with a rate-limited ACK.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="scsi"></a>
- <font color="#009000"><strong>004: RELIABILITY FIX: May 5,
-</strong></font><br>
- Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">siop(4)</a>,
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trm&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">trm(4)</a>,
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">iha(4)</a>
- ).
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="gdt"></a>
- <font color="#009000"><strong>003: RELIABILITY FIX: May 5,
-</strong></font><br>
- Under load "recent model"
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">gdt(4)</a>
- controllers will lock up.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- <li><a name="cvs"></a>
- <font color="#009000"><strong>002: SECURITY FIX: May 5,
-</strong></font><br>
- Pathname validation problems have been found in
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>,
- allowing malicious clients to create files outside the repository, allowing
- malicious servers to overwrite files outside the local CVS tree on
- the client and allowing clients to check out files outside the CVS
- repository.
- <br>
- <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch">
- A source code patch exists which remedies this problem</a>.<br>
- <p>
- </ul>
- <p>
- <a name="i386"></a>
- <h3><font color="#e00000">i386</font></h3>
- <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name="alpha"></a>
  <h3><font color="#e00000">alpha</font></h3>
-Line 297
+Line 79
 Line 297
 Line 79
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="mac68k"></a>
+ <a name="hp300"></a>
- <h3><font color="#e00000">mac68k</font></h3>
+ <h3><font color="#e00000">hp300</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="sparc"></a>
+ <a name="hppa"></a>
- <h3><font color="#e00000">sparc</font></h3>
+ <h3><font color="#e00000">hppa</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="sparc64"></a>
+ <a name="i386"></a>
- <h3><font color="#e00000">sparc64</font></h3>
+ <h3><font color="#e00000">i386</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="hppa"></a>
+ <a name="mvme88k"></a>
- <h3><font color="#e00000">hppa</font></h3>
+ <h3><font color="#e00000">luna88k</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="hp300"></a>
+ <a name="mac68k"></a>
- <h3><font color="#e00000">hp300</font></h3>
+ <h3><font color="#e00000">mac68k</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
+ <a name="macppc"></a>
+ <h3><font color="#e00000">macppc</font></h3>
+ <ul>
+ <li>No problems identified yet.
+ </ul>
+ <p>
  <a name="mvme68k"></a>
  <h3><font color="#e00000">mvme68k</font></h3>
  <ul>
-Line 339
+Line 127
 Line 339
 Line 127
  <li>No problems identified yet.
  </ul>
  <p>
- <a name="macppc"></a>
+ <a name="sparc"></a>
- <h3><font color="#e00000">macppc</font></h3>
+ <h3><font color="#e00000">sparc</font></h3>
  <ul>
- <li><a name="autobook_package"></a>
+ <li>No problems identified yet.
- <font color="#009000"><strong>001: BROKEN PACKAGE ON CD: May 4, 2004</strong></font><br>
+ </ul>
- The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt,
- and will not extract.
- A replacement package can be found on the ftp sites.
  <p>
+ <a name="sparc64"></a>
+ <h3><font color="#e00000">sparc64</font></h3>
+ <ul>
+ <li>No problems identified yet.
  </ul>
  <p>
  <a name="vax"></a>
-Line 376
+Line 165
 Line 376
 Line 165
  <a href="errata31.html">3.1</a>,
  <a href="errata32.html">3.2</a>,
  <a href="errata33.html">3.3</a>,
- <a href="errata34.html">3.4</a>.
+ <a href="errata34.html">3.4</a>,
+ <a href="errata35.html">3.5</a>.
  <br>
  <hr>