Annotation of www/errata.html, Revision 1.430
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.68 deraadt 16: <h2><font color=#0000e0>
1.417 miod 17: This is the OpenBSD 3.2 release errata &amp; patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.417 miod 40: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz>
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.67 deraadt 54: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 55: <ul>
1.430 ! margarid 56: <a name=httpd></a>
! 57: <li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
! 58: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via the ETag header, as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation, because NFS uses inode numbers as part of the file handle.<br>
! 59: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
! 60: <p>
1.426 margarid 61: <a name=ssl></a>
62: <li><font color=#009000><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 63: In
64: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing. As a countermeasure, a MAC computation is now performed
1.429 brad 65: even if incorrect block cipher padding has been found.
66: Also, check for negative sizes in memory allocation routines.<br>
1.426 margarid 67: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
68: source code patch exists which fixes these two issues</a>.
69: <p>
1.425 millert 70: <a name=cvs></a>
71: <li><font color=#009000><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
72: A double free in
73: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
74: could allow an attacker to execute code with the privileges of the
75: user running cvs. This is only an issue when the cvs command is
76: being run on a user's behalf as a different user. This means that,
77: in most cases, the issue only exists for cvs configurations that use
1.429 brad 78: the <em>pserver</em> client/server connection method.<br>
1.425 millert 79: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
80: source code patch exists which remedies the problem</a>.
81: <p>
1.423 millert 82: <a name=named></a>
83: <li><font color=#009000><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
84: A buffer overflow in
85: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
86: could allow an attacker to execute code with the privileges of named.
87: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 88: which mitigates the effects of this bug.<br>
1.423 millert 89: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
90: source code patch exists which remedies the problem</a>.
91: <p>
1.422 miod 92: <a name=pool></a>
93: <li><font color=#009000><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
94: A logic error in the
95: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
96: kernel memory allocator could cause memory corruption in low-memory situations,
97: causing the system to crash.<br>
98: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
99: source code patch exists which remedies the problem</a>.
100: <p>
101: <a name=smrsh></a>
102: <li><font color=#009000><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
103: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
104: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
105: and execute arbitrary commands with the privileges of his own account.<br>
106: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
107: source code patch exists which remedies the problem</a>.
108: <p>
109: <a name=pfbridge></a>
110: <li><font color=#009000><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
111: Network
112: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
113: running
114: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
115: with scrubbing enabled could cause mbuf corruption,
116: causing the system to crash.<br>
117: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
118: source code patch exists which remedies the problem</a>.
119: <p>
1.421 miod 120: <a name=kadmin></a>
121: <li><font color=#009000><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
122: A buffer overflow can occur in the
123: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
124: daemon, leading to possible remote crash or exploit.<br>
125: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
126: <p>
1.25 deraadt 127: </ul>
1.177 deraadt 128: <p>
1.42 deraadt 129: <a name=i386></a>
1.67 deraadt 130: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 131: <ul>
1.384 deraadt 132: <li>No problems identified yet.
1.323 deraadt 133: </ul>
1.285 deraadt 134: <p>
1.323 deraadt 135: <a name=alpha></a>
136: <li><h3><font color=#e00000>alpha</font></h3>
137: <ul>
138: <li>No problems identified yet.
1.39 deraadt 139: </ul>
1.155 deraadt 140: <p>
1.47 deraadt 141: <a name=mac68k></a>
1.67 deraadt 142: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 143: <ul>
1.323 deraadt 144: <li>No problems identified yet.
1.25 deraadt 145: </ul>
1.155 deraadt 146: <p>
1.65 deraadt 147: <a name=sparc></a>
1.67 deraadt 148: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 149: <ul>
1.323 deraadt 150: <li>No problems identified yet.
1.39 deraadt 151: </ul>
1.177 deraadt 152: <p>
1.355 deraadt 153: <a name=sparc64></a>
154: <li><h3><font color=#e00000>sparc64</font></h3>
1.93 deraadt 155: <ul>
1.384 deraadt 156: <li>No problems identified yet.
1.25 deraadt 157: </ul>
1.155 deraadt 158: <p>
1.355 deraadt 159: <a name=amiga></a>
160: <li><h3><font color=#e00000>amiga</font></h3>
1.25 deraadt 161: <ul>
1.281 deraadt 162: <li>No problems identified yet.
1.25 deraadt 163: </ul>
1.155 deraadt 164: <p>
1.281 deraadt 165: <a name=hp300></a>
166: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 167: <ul>
1.323 deraadt 168: <li>No problems identified yet.
1.59 deraadt 169: </ul>
1.155 deraadt 170: <p>
1.281 deraadt 171: <a name=mvme68k></a>
172: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 173: <ul>
1.323 deraadt 174: <li>No problems identified yet.
1.56 deraadt 175: </ul>
1.155 deraadt 176: <p>
1.355 deraadt 177: <a name=macppc></a>
178: <li><h3><font color=#e00000>macppc</font></h3>
1.110 millert 179: <ul>
1.384 deraadt 180: <li>No problems identified yet.
1.385 hugh 181: </ul>
1.386 hugh 182: <p>
1.281 deraadt 183: <a name=vax></a>
184: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 185: <ul>
1.232 deraadt 186: <li>No problems identified yet.
1.25 deraadt 187: </ul>
1.144 deraadt 188:
1.197 deraadt 189: </dl>
1.25 deraadt 190: <br>
1.75 deraadt 191:
1.2 deraadt 210: <hr>
1.186 deraadt 211: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 212: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.430 ! margarid 213: <br><small>$OpenBSD: errata.html,v 1.429 2003/02/23 20:21:41 brad Exp $</small>
1.2 deraadt 214:
215: </body>
216: </html>