Annotation of www/errata.html, Revision 1.426
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.68 deraadt 16: <h2><font color=#0000e0>
1.417 miod 17: This is the OpenBSD 3.2 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.417 miod 40: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz>
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.67 deraadt 54: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 55: <ul>
1.426 ! margarid 56: <a name=ssl></a>
! 57: <li><font color=#009000><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
! 58: An information leak can occur via timing by performing a MAC computation
! 59: even if incorrrect block cipher padding has been found. This fix is a
! 60: countermeasure against active attacks where the attacker has to distinguish
! 61: between bad padding and a MAC verification error. (CAN-2003-0078).
! 62: Also, check for negative sizes in memory allocation routines.
! 63: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
! 64: source code patch exists which fixes these two issues</a>.
! 65: <p>
1.425 millert 66: <a name=cvs></a>
67: <li><font color=#009000><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
68: A double free in
69: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
70: could allow an attacker to execute code with the privileges of the
71: user running cvs. This is only an issue when the cvs command is
72: being run on a user's behalf as a different user. This means that,
73: in most cases, the issue only exists for cvs configurations that use
74: the <em>pserver</em> client/server connection method.
75: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
76: source code patch exists which remedies the problem</a>.
77: <p>
1.423 millert 78: <a name=named></a>
79: <li><font color=#009000><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
80: A buffer overflow in
81: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
82: could allow an attacker to execute code with the privileges of named.
83: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 84: which mitigates the effects of this bug.<br>
1.423 millert 85: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
86: source code patch exists which remedies the problem</a>.
87: <p>
1.422 miod 88: <a name=pool></a>
89: <li><font color=#009000><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
90: A logic error in the
91: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
92: kernel memory allocator could cause memory corruption in low-memory situations,
93: causing the system to crash.<br>
94: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
95: source code patch exists which remedies the problem</a>.
96: <p>
97: <a name=smrsh></a>
98: <li><font color=#009000><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
99: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
100: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
101: and execute arbitrary commands with the privileges of his own account.<br>
102: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
103: source code patch exists which remedies the problem</a>.
104: <p>
105: <a name=pfbridge></a>
106: <li><font color=#009000><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
107: Network
108: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
109: running
110: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
111: with scrubbing enabled could cause mbuf corruption,
112: causing the system to crash.<br>
113: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
114: source code patch exists which remedies the problem</a>.
115: <p>
1.421 miod 116: <a name=kadmin></a>
117: <li><font color=#009000><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
118: A buffer overflow can occur in the
119: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
120: daemon, leading to possible remote crash or exploit.<br>
121: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
122: <p>
1.25 deraadt 123: </ul>
1.177 deraadt 124: <p>
1.42 deraadt 125: <a name=i386></a>
1.67 deraadt 126: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 127: <ul>
1.384 deraadt 128: <li>No problems identified yet.
1.323 deraadt 129: </ul>
1.285 deraadt 130: <p>
1.323 deraadt 131: <a name=alpha></a>
132: <li><h3><font color=#e00000>alpha</font></h3>
133: <ul>
134: <li>No problems identified yet.
1.39 deraadt 135: </ul>
1.155 deraadt 136: <p>
1.47 deraadt 137: <a name=mac68k></a>
1.67 deraadt 138: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 139: <ul>
1.323 deraadt 140: <li>No problems identified yet.
1.25 deraadt 141: </ul>
1.155 deraadt 142: <p>
1.65 deraadt 143: <a name=sparc></a>
1.67 deraadt 144: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 145: <ul>
1.323 deraadt 146: <li>No problems identified yet.
1.39 deraadt 147: </ul>
1.177 deraadt 148: <p>
1.355 deraadt 149: <a name=sparc64></a>
150: <li><h3><font color=#e00000>sparc64</font></h3>
1.93 deraadt 151: <ul>
1.384 deraadt 152: <li>No problems identified yet.
1.25 deraadt 153: </ul>
1.155 deraadt 154: <p>
1.355 deraadt 155: <a name=amiga></a>
156: <li><h3><font color=#e00000>amiga</font></h3>
1.25 deraadt 157: <ul>
1.281 deraadt 158: <li>No problems identified yet.
1.25 deraadt 159: </ul>
1.155 deraadt 160: <p>
1.281 deraadt 161: <a name=hp300></a>
162: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 163: <ul>
1.323 deraadt 164: <li>No problems identified yet.
1.59 deraadt 165: </ul>
1.155 deraadt 166: <p>
1.281 deraadt 167: <a name=mvme68k></a>
168: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 169: <ul>
1.323 deraadt 170: <li>No problems identified yet.
1.56 deraadt 171: </ul>
1.155 deraadt 172: <p>
1.355 deraadt 173: <a name=macppc></a>
174: <li><h3><font color=#e00000>macppc</font></h3>
1.110 millert 175: <ul>
1.384 deraadt 176: <li>No problems identified yet.
1.385 hugh 177: </ul>
1.386 hugh 178: <p>
1.281 deraadt 179: <a name=vax></a>
180: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 181: <ul>
1.232 deraadt 182: <li>No problems identified yet.
1.25 deraadt 183: </ul>
1.144 deraadt 184:
1.197 deraadt 185: </dl>
1.25 deraadt 186: <br>
1.75 deraadt 187:
1.25 deraadt 188: <hr>
1.240 jason 189: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.381 espie 190: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 191: <br>
1.419 deraadt 192: For errata on a certain release, click below:<br>
1.418 deraadt 193: <a href="errata21.html">2.1</a>,
194: <a href="errata22.html">2.2</a>,
195: <a href="errata23.html">2.3</a>,
196: <a href="errata24.html">2.4</a>,
197: <a href="errata25.html">2.5</a>,
198: <a href="errata26.html">2.6</a>,
199: <a href="errata27.html">2.7</a>,
200: <a href="errata28.html">2.8</a>,
201: <a href="errata29.html">2.9</a>,
202: <a href="errata30.html">3.0</a>,
203: <a href="errata31.html">3.1</a>.
204: <br>
205:
1.2 deraadt 206: <hr>
1.186 deraadt 207: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 208: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.426 ! margarid 209: <br><small>$OpenBSD: errata.html,v 1.425 2003/01/21 03:47:10 millert Exp $</small>
1.2 deraadt 210:
211: </body>
212: </html>