Annotation of www/errata.html, Revision 1.311
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.281 deraadt 4: <title>OpenBSD 2.8 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.107 deraadt 10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.127 pauls 15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
1.68 deraadt 16: <h2><font color=#0000e0>
1.281 deraadt 17: This is the OpenBSD 2.8 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.94 deraadt 23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 27: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 28: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 29: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.94 deraadt 30: <hr>
31:
1.281 deraadt 32: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8.tar.gz>
1.142 deraadt 33: You can also fetch a tar.gz file containing all the following patches</a>.
34: This file is updated once a day.
35:
1.240 jason 36: <p> The patches below are available in CVS via the
1.281 deraadt 37: <code>OPENBSD_2_8</code> <a href="stable.html">patch branch</a>.
1.278 ericj 38:
39: <p>
40: For more detailed information on install patches to OpenBSD, please
41: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
1.142 deraadt 42: <hr>
43:
1.197 deraadt 44: <dl>
1.43 deraadt 45: <a name=all></a>
1.67 deraadt 46: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 47: <ul>
1.311 ! millert 48: <a name=sudo></a>
! 49: <li><font color=#009000><strong>020: SECURITY FIX: Feb 22, 2001</strong></font><br>
! 50: There is a buffer overflow in
! 51: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>.
! 52: It is not currently known whether this is exploitable.
! 53: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">A source code patch exists which remedies the problem.</a><br>
! 54: <p>
1.310 beck 55: <a name=libwrap></a>
56: <li><font color=#009000><strong>020: IMPLEMENTATION FIX: Feb 15, 2001</strong></font><br>
57: Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpd&sektion=8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
58: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">A source code patch exists which remedies the problem.</a><br>
59: <p>
1.308 jason 60: <a name=lepci></a>
61: <li><font color=#009000><strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong></font><br>
62: Fix memory allocation in the PCI LANCE driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le</a>. A side effect of this is that OpenBSD under VMWare now works again.<br>
63: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">A source code patch exists which remedies the problem.</a><br>
64: <p>
1.305 jason 65: <a name=named></a>
66: <li><font color=#009000><strong>018: SECURITY FIX: Jan 29, 2001</strong></font><br>
1.306 deraadt 67: Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named</a>
68: with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
1.307 jason 69: that these were already impossible to exploit beforehands).<br>
1.305 jason 70: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">A source code patch exists which remedies the problem.</a><br>
71: <p>
1.303 jason 72: <a name=rnd></a>
1.302 jason 73: <li><font color=#009000><strong>017: SECURITY FIX: Jan 22, 2001</strong></font><br>
1.304 jason 74: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
1.302 jason 75: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">A source code patch exists which remedies the problem.</a><br>
76: <p>
1.300 jason 77: <a name=tl></a>
1.301 jason 78: <li><font color=#009000><strong>016: RELIABILITY FIX: Jan 4, 2001</strong></font><br>
1.300 jason 79: Allow ThunderLAN cards to share interrupts nicely.<br>
80: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">A source code patch exists which remedies the problem.</a>
81: <p>
1.299 ericj 82: <a name=xlock></a>
83: <li><font color=#009000><strong>014: SECURITY FIX: Dec 22, 2000</strong></font><br>
84: Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
85: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">A source code patch exists which remedies the problem.</a>
86: <p>
87: In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
88: and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
89: <p>
90: <ul>
91: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
92: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
93: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
94: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
95: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
96: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
97: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
98: </ul>
99: <p>
1.296 ericj 100: <a name=procfs></a>
101: <li><font color=#009000><strong>013: SECURITY FIX: Dec 18, 2000</strong></font><br>
1.298 ericj 102: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
103: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">A source code patch exists which remedies the problem.</a>
104: <p>
1.292 deraadt 105: <a name=hwcrypto></a>
106: <li><font color=#009000><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font><br>
1.294 jufi 107: The crypto subsystem could incorrectly fail to run certain software ciphers,
1.292 deraadt 108: if a hardware card existed in the machine.<br>
109: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
110: A source code patch exists which remedies the problem.</a>
1.293 deraadt 111: <p>
1.292 deraadt 112: <a name=fastroute></a>
113: <li><font color=#009000><strong>010: RELIABILITY FIX: Dec 11, 2000</strong></font><br>
114: A crash could occur during fast routing, if IPSEC was enabled.<br>
115: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
116: A source code patch exists which remedies the problem.</a>
1.293 deraadt 117: <p>
1.290 deraadt 118: <a name=kerberos2></a>
1.291 deraadt 119: <li><font color=#009000><strong>009: SECURITY FIX: Dec 10, 2000</strong></font><br>
1.295 aaron 120: Another problem exists in the Kerberos libraries.<br>
1.290 deraadt 121: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
122: A source code patch exists which remedies the problem.</a>
123: <p>
1.286 deraadt 124: <a name=kerberos></a>
1.288 deraadt 125: <li><font color=#009000><strong>008: SECURITY FIX: Dec 7, 2000</strong></font><br>
1.286 deraadt 126: Two problems have recently been discovered in the KerberosIV code.<p>
127: 1. A symlink problem was discovered in the KerberosIV password checking
128: routines /usr/bin/su and /usr/bin/login, which makes it possible for a
129: local user to overwrite any file on the local machine.<p>
1.287 jufi 130: 2. It is possible to specify environment variables in telnet
1.286 deraadt 131: which will be passed over the to the remote host. This makes it
132: possible to set environment variables on the remote side, including
133: ones that have special meaning on the server. It is not clear at this
134: time what the impact is, but we recommend everyone to upgrade their
1.289 jufi 135: machines immediately.<p>
1.288 deraadt 136: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
1.286 deraadt 137: A source code patch exists which remedies the problem.</a>
138: <p>
1.285 deraadt 139: <a name=ftpd></a>
140: <li><font color=#009000><strong>005: SECURITY FIX: Dec 4, 2000</strong></font><br>
141: OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
142: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
1.296 ericj 143: A source code patch exists which remedies the problem.</a><br>
1.298 ericj 144: You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
1.285 deraadt 145: <p>
1.284 jason 146: <a name=rijndael> </a>
147: <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
1.292 deraadt 148: First off, AES (rijndael) encryption and decryption were broken for IPSec
149: and swap encryption.<br>
150: Secondly, the AES code did not work properly on big endian machines.<br>
1.284 jason 151: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
1.292 deraadt 152: A second revision source code patch exists which remedies the problem.</a>
1.284 jason 153: <p>
1.282 deraadt 154: <li><font color=#009000><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font><br>
155: In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
156: that kind of important.<br>
157: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch>
158: A source code patch exists which remedies this problem.</a>
1.25 deraadt 159: </ul>
1.177 deraadt 160: <p>
1.42 deraadt 161: <a name=i386></a>
1.67 deraadt 162: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 163: <ul>
1.299 ericj 164: <a name=pms></a>
165: <li><font color=#009000><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
166: Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
167: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">A source code patch exists which remedies this problem.</a>
168: <p>
1.285 deraadt 169: <a name=pcibios></a>
170: <li><font color=#009000><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
171: On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
172: kernel hang while probing PCI devices. If you have this symptom, you can disable
173: PCIBIOS as a workaround. To do this,
174: <ul>
175: <li>Enter the User Kernel Configuration by booting with the
176: option "boot -c".
177: <li>Once at the <i>UKC></i> prompt, enter <pre><tt>
178: UKC> disable pcibios
179: UKC> quit
180: </tt></pre>
181: <li>See <a href="./faq/faq5.html#5.6">FAQ 5.6</a> after a successful
182: boot for instructions on how to re-write your kernel to disable PCIBIOS
183: permanently.
184: </ul>
185: <p>
1.39 deraadt 186: </ul>
1.155 deraadt 187: <p>
1.47 deraadt 188: <a name=mac68k></a>
1.67 deraadt 189: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 190: <ul>
1.285 deraadt 191: <a name=x_mac68k></a>
192: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
193: The X packages
194: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
195: and
196: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
197: were not on the CD, and only available via FTP install. These packages can be
198: added post-install by using the following command:
199: <tt><pre>
200: # cd /; tar xvfpz xshare28.tgz
201: # cd /; tar xvfpz xfont28.tgz
202: </pre></tt>
1.25 deraadt 203: </ul>
1.155 deraadt 204: <p>
1.65 deraadt 205: <a name=sparc></a>
1.67 deraadt 206: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 207: <ul>
1.285 deraadt 208: <a name=x_sparc></a>
209: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
210: The X packages
211: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
212: and
213: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
214: were not on the CD, and only available via FTP install. These packages can be
215: added post-install by using the following command:
216: <tt><pre>
217: # cd /; tar xvfpz xshare28.tgz
218: # cd /; tar xvfpz xfont28.tgz
219: </pre></tt>
220: <p>
221: <a name=qe></a>
1.284 jason 222: <li><font color=#009000><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
223: Configuring a qec+qe causes a NMI panic.<br>
224: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch>
225: A source code patch exists which remedies this problem.</a>
226: <p>
1.282 deraadt 227: <a name=zsconsole> </a>
228: <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
229: When running a sparc with a serial console, certain types of interrupts would
230: cause great grief.<br>
231: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch>
232: A source code patch exists which remedies this problem.</a>
1.39 deraadt 233: </ul>
1.177 deraadt 234: <p>
1.93 deraadt 235: <a name=amiga></a>
1.67 deraadt 236: <li><h3><font color=#e00000>amiga</font></h3>
1.93 deraadt 237: <ul>
1.285 deraadt 238: <a name=x_amiga></a>
239: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
240: The X packages
241: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
242: and
243: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
244: were not on the CD, and only available via FTP install. These packages can be
245: added post-install by using the following command:
246: <tt><pre>
247: # cd /; tar xvfpz xshare28.tgz
248: # cd /; tar xvfpz xfont28.tgz
249: </pre></tt>
1.25 deraadt 250: </ul>
1.155 deraadt 251: <p>
1.65 deraadt 252: <a name=pmax></a>
1.67 deraadt 253: <li><h3><font color=#e00000>pmax</font></h3>
1.25 deraadt 254: <ul>
1.281 deraadt 255: <li>No problems identified yet.
1.25 deraadt 256: </ul>
1.155 deraadt 257: <p>
1.281 deraadt 258: <a name=hp300></a>
259: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 260: <ul>
1.285 deraadt 261: <a name=x_hp300></a>
262: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
263: The X packages
264: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
265: and
266: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
267: were not on the CD, and only available via FTP install. These packages can be
268: added post-install by using the following command:
269: <tt><pre>
270: # cd /; tar xvfpz xshare28.tgz
271: # cd /; tar xvfpz xfont28.tgz
272: </pre></tt>
1.59 deraadt 273: </ul>
1.155 deraadt 274: <p>
1.281 deraadt 275: <a name=mvme68k></a>
276: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 277: <ul>
1.285 deraadt 278: <a name=x_mvme68k></a>
279: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
280: The X packages
281: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
282: and
283: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
284: were not on the CD, and only available via FTP install. These packages can be
285: added post-install by using the following command:
286: <tt><pre>
287: # cd /; tar xvfpz xshare28.tgz
288: # cd /; tar xvfpz xfont28.tgz
289: </pre></tt>
1.56 deraadt 290: </ul>
1.155 deraadt 291: <p>
1.281 deraadt 292: <a name=powerpc></a>
293: <li><h3><font color=#e00000>powerpc</font></h3>
1.110 millert 294: <ul>
1.293 deraadt 295: <a name=imacdv></a>
296: <li><font color=#009000><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
297: The IMac DV+ (and probably some other machines) incorrectly identify their video
298: hardware, but it is possible to work around the problem.<br>
1.309 jason 299: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
1.293 deraadt 300: A source code patch exists which remedies the problem.</a>
1.56 deraadt 301: </ul>
1.155 deraadt 302: <p>
1.281 deraadt 303: <a name=vax></a>
304: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 305: <ul>
1.232 deraadt 306: <li>No problems identified yet.
1.25 deraadt 307: </ul>
1.155 deraadt 308: <p>
1.281 deraadt 309: <a name=sun3></a>
310: <li><h3><font color=#e00000>sun3</font></h3>
1.95 deraadt 311: <ul>
1.285 deraadt 312: <a name=x_sun3></a>
313: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
314: The X packages
315: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
316: and
317: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
318: were not on the CD, and only available via FTP install. These packages can be
319: added post-install by using the following command:
320: <tt><pre>
321: # cd /; tar xvfpz xshare28.tgz
322: # cd /; tar xvfpz xfont28.tgz
323: </pre></tt>
1.144 deraadt 324: </ul>
325:
1.197 deraadt 326: </dl>
1.25 deraadt 327: <br>
1.75 deraadt 328:
1.25 deraadt 329: <hr>
1.240 jason 330: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.93 deraadt 331: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
332: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 333: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 334: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 335: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 336: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 337: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.2 deraadt 338: <hr>
1.176 deraadt 339:
1.186 deraadt 340: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 341: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.311 ! millert 342: <br><small>$OpenBSD: errata.html,v 1.310 2001/02/16 01:15:40 beck Exp $</small>
1.2 deraadt 343:
344: </body>
345: </html>