Annotation of www/errata.html, Revision 1.433
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.68 deraadt 16: <h2><font color=#0000e0>
1.417 miod 17: This is the OpenBSD 3.2 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important package updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.417 miod 40: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz>
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.67 deraadt 54: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 55: <ul>
1.431 miod 56: <a name=sendmail></a>
57: <li><font color=#009000><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
58: A buffer overflow in the envelope comments processing in
59: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
60: may allow an attacker to gain root privileges.<br>
61: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.432 jufi 62: source code patch exists which remedies the problem</a>.
1.431 miod 63: <p>
1.430 margarid 64: <a name=httpd></a>
65: <li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.431 miod 66: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via the ETag header, as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation, because NFS uses inode numbers as part of the file handle.<br>
1.430 margarid 67: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
68: <p>
1.426 margarid 69: <a name=ssl></a>
70: <li><font color=#009000><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 71: In
72: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a>, an information leak can occur via timing. As a countermeasure, a MAC computation is now performed
1.433 ! nick 73: even if incorrect block cipher padding has been found.
1.429 brad 74: The patch also checks for negative sizes in memory allocation routines.<br>
1.426 margarid 75: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
76: source code patch exists which fixes these two issues</a>.
77: <p>
1.425 millert 78: <a name=cvs></a>
79: <li><font color=#009000><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
80: A double free in
81: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
82: could allow an attacker to execute code with the privileges of the
83: user running cvs. This is only an issue when the cvs command is
84: being run on a user's behalf as a different user. This means that,
85: in most cases, the issue only exists for cvs configurations that use
1.429 brad 86: the <em>pserver</em> client/server connection method.<br>
1.425 millert 87: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
88: source code patch exists which remedies the problem</a>.
89: <p>
1.423 millert 90: <a name=named></a>
91: <li><font color=#009000><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
92: A buffer overflow in
93: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
94: could allow an attacker to execute code with the privileges of named.
95: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 96: which mitigates the effects of this bug.<br>
1.423 millert 97: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
98: source code patch exists which remedies the problem</a>.
99: <p>
1.422 miod 100: <a name=pool></a>
101: <li><font color=#009000><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
102: A logic error in the
103: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
104: kernel memory allocator could cause memory corruption in low-memory situations,
105: causing the system to crash.<br>
106: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
107: source code patch exists which remedies the problem</a>.
108: <p>
109: <a name=smrsh></a>
110: <li><font color=#009000><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
111: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
112: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
113: and execute arbitrary commands with the privileges of his own account.<br>
114: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
115: source code patch exists which remedies the problem</a>.
116: <p>
117: <a name=pfbridge></a>
118: <li><font color=#009000><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
119: Network
120: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
121: running
122: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
123: with scrubbing enabled could cause mbuf corruption,
124: causing the system to crash.<br>
125: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
126: source code patch exists which remedies the problem</a>.
127: <p>
1.421 miod 128: <a name=kadmin></a>
129: <li><font color=#009000><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
130: A buffer overflow can occur in the
131: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
132: daemon, leading to possible remote crash or exploit.<br>
133: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
134: <p>
1.25 deraadt 135: </ul>
1.177 deraadt 136: <p>
1.42 deraadt 137: <a name=i386></a>
1.67 deraadt 138: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 139: <ul>
1.384 deraadt 140: <li>No problems identified yet.
1.323 deraadt 141: </ul>
1.285 deraadt 142: <p>
1.323 deraadt 143: <a name=alpha></a>
144: <li><h3><font color=#e00000>alpha</font></h3>
145: <ul>
146: <li>No problems identified yet.
1.39 deraadt 147: </ul>
1.155 deraadt 148: <p>
1.47 deraadt 149: <a name=mac68k></a>
1.67 deraadt 150: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 151: <ul>
1.323 deraadt 152: <li>No problems identified yet.
1.25 deraadt 153: </ul>
1.155 deraadt 154: <p>
1.65 deraadt 155: <a name=sparc></a>
1.67 deraadt 156: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 157: <ul>
1.323 deraadt 158: <li>No problems identified yet.
1.39 deraadt 159: </ul>
1.177 deraadt 160: <p>
1.355 deraadt 161: <a name=sparc64></a>
162: <li><h3><font color=#e00000>sparc64</font></h3>
1.93 deraadt 163: <ul>
1.384 deraadt 164: <li>No problems identified yet.
1.25 deraadt 165: </ul>
1.155 deraadt 166: <p>
1.355 deraadt 167: <a name=amiga></a>
168: <li><h3><font color=#e00000>amiga</font></h3>
1.25 deraadt 169: <ul>
1.281 deraadt 170: <li>No problems identified yet.
1.25 deraadt 171: </ul>
1.155 deraadt 172: <p>
1.281 deraadt 173: <a name=hp300></a>
174: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 175: <ul>
1.323 deraadt 176: <li>No problems identified yet.
1.59 deraadt 177: </ul>
1.155 deraadt 178: <p>
1.281 deraadt 179: <a name=mvme68k></a>
180: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 181: <ul>
1.323 deraadt 182: <li>No problems identified yet.
1.56 deraadt 183: </ul>
1.155 deraadt 184: <p>
1.355 deraadt 185: <a name=macppc></a>
186: <li><h3><font color=#e00000>macppc</font></h3>
1.110 millert 187: <ul>
1.384 deraadt 188: <li>No problems identified yet.
1.385 hugh 189: </ul>
1.386 hugh 190: <p>
1.281 deraadt 191: <a name=vax></a>
192: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 193: <ul>
1.232 deraadt 194: <li>No problems identified yet.
1.25 deraadt 195: </ul>
1.144 deraadt 196:
1.197 deraadt 197: </dl>
1.25 deraadt 198: <br>
1.75 deraadt 199:
217:
1.2 deraadt 218: <hr>
1.186 deraadt 219: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 220: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.433 ! nick 221: <br><small>$OpenBSD: errata.html,v 1.432 2003/03/03 18:16:12 jufi Exp $</small>
1.2 deraadt 222:
223: </body>
224: </html>