Annotation of www/errata.html, Revision 1.435
1.435 ! naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.435 ! naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.435 ! naddy 16: <h2><font color="#0000e0">
1.417 miod 17: This is the OpenBSD 3.2 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.435 ! naddy 40: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.435 ! naddy 54: <li><h3><font color="#e00000">All architectures</font></h3>
1.25 deraadt 55: <ul>
1.434 millert 56: <a name=lprm></a>
1.435 ! naddy 57: <li><font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
1.434 millert 58: A fix for an
59: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
60: bug made in 1996 contains an error that could lead to privilege escalation.
61: For OpenBSD 3.2 the impact is limited since
62: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
63: is setuid daemon, not setuid root.
64: <br>
65: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
66: source code patch exists which remedies the problem</a>.
67: <p>
1.431 miod 68: <a name=sendmail></a>
1.435 ! naddy 69: <li><font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
1.431 miod 70: A buffer overflow in the envelope comments processing in
71: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
72: may allow an attacker to gain root privileges.<br>
73: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.432 jufi 74: source code patch exists which remedies the problem</a>.
1.431 miod 75: <p>
1.430 margarid 76: <a name=httpd></a>
1.435 ! naddy 77: <li><font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.431 miod 78: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via the ETag header, as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation, because NFS uses inode numbers as part of the file handle.<br>
1.430 margarid 79: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
80: <p>
1.426 margarid 81: <a name=ssl></a>
1.435 ! naddy 82: <li><font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 83: In
84: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing. As a countermeasure, a MAC computation is performed
1.433 nick 85: even if incorrect block cipher padding has been found.
1.429 brad 86: The patch also checks for negative sizes in memory allocation routines.<br>
1.426 margarid 87: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
88: source code patch exists which fixes these two issues</a>.
89: <p>
1.425 millert 90: <a name=cvs></a>
1.435 ! naddy 91: <li><font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
1.425 millert 92: A double free in
93: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
94: could allow an attacker to execute code with the privileges of the
95: user running cvs. This is only an issue when the cvs command is
96: being run on a user's behalf as a different user. This means that,
97: in most cases, the issue only exists for cvs configurations that use
1.429 brad 98: the <em>pserver</em> client/server connection method.<br>
1.425 millert 99: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
100: source code patch exists which remedies the problem</a>.
101: <p>
1.423 millert 102: <a name=named></a>
1.435 ! naddy 103: <li><font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
1.423 millert 104: A buffer overflow in
105: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
106: could allow an attacker to execute code with the privileges of named.
107: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 108: which mitigates the effects of this bug.<br>
1.423 millert 109: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
110: source code patch exists which remedies the problem</a>.
111: <p>
1.422 miod 112: <a name=pool></a>
1.435 ! naddy 113: <li><font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 114: A logic error in the
115: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
116: kernel memory allocator could cause memory corruption in low-memory situations,
117: causing the system to crash.<br>
118: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
119: source code patch exists which remedies the problem</a>.
120: <p>
121: <a name=smrsh></a>
1.435 ! naddy 122: <li><font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
1.422 miod 123: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
124: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
125: and execute arbitrary commands with the privileges of his own account.<br>
126: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
127: source code patch exists which remedies the problem</a>.
128: <p>
129: <a name=pfbridge></a>
1.435 ! naddy 130: <li><font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 131: Network
132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
133: running
134: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
135: with scrubbing enabled could cause mbuf corruption,
136: causing the system to crash.<br>
137: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
138: source code patch exists which remedies the problem</a>.
139: <p>
1.421 miod 140: <a name=kadmin></a>
1.435 ! naddy 141: <li><font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
1.421 miod 142: A buffer overflow can occur in the
143: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
144: daemon, leading to possible remote crash or exploit.<br>
145: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
146: <p>
1.25 deraadt 147: </ul>
1.177 deraadt 148: <p>
1.42 deraadt 149: <a name=i386></a>
1.435 ! naddy 150: <li><h3><font color="#e00000">i386</font></h3>
1.25 deraadt 151: <ul>
1.384 deraadt 152: <li>No problems identified yet.
1.323 deraadt 153: </ul>
1.285 deraadt 154: <p>
1.323 deraadt 155: <a name=alpha></a>
1.435 ! naddy 156: <li><h3><font color="#e00000">alpha</font></h3>
1.323 deraadt 157: <ul>
158: <li>No problems identified yet.
1.39 deraadt 159: </ul>
1.155 deraadt 160: <p>
1.47 deraadt 161: <a name=mac68k></a>
1.435 ! naddy 162: <li><h3><font color="#e00000">mac68k</font></h3>
1.39 deraadt 163: <ul>
1.323 deraadt 164: <li>No problems identified yet.
1.25 deraadt 165: </ul>
1.155 deraadt 166: <p>
1.65 deraadt 167: <a name=sparc></a>
1.435 ! naddy 168: <li><h3><font color="#e00000">sparc</font></h3>
1.25 deraadt 169: <ul>
1.323 deraadt 170: <li>No problems identified yet.
1.39 deraadt 171: </ul>
1.177 deraadt 172: <p>
1.355 deraadt 173: <a name=sparc64></a>
1.435 ! naddy 174: <li><h3><font color="#e00000">sparc64</font></h3>
1.93 deraadt 175: <ul>
1.384 deraadt 176: <li>No problems identified yet.
1.25 deraadt 177: </ul>
1.155 deraadt 178: <p>
1.355 deraadt 179: <a name=amiga></a>
1.435 ! naddy 180: <li><h3><font color="#e00000">amiga</font></h3>
1.25 deraadt 181: <ul>
1.281 deraadt 182: <li>No problems identified yet.
1.25 deraadt 183: </ul>
1.155 deraadt 184: <p>
1.281 deraadt 185: <a name=hp300></a>
1.435 ! naddy 186: <li><h3><font color="#e00000">hp300</font></h3>
1.59 deraadt 187: <ul>
1.323 deraadt 188: <li>No problems identified yet.
1.59 deraadt 189: </ul>
1.155 deraadt 190: <p>
1.281 deraadt 191: <a name=mvme68k></a>
1.435 ! naddy 192: <li><h3><font color="#e00000">mvme68k</font></h3>
1.56 deraadt 193: <ul>
1.323 deraadt 194: <li>No problems identified yet.
1.56 deraadt 195: </ul>
1.155 deraadt 196: <p>
1.355 deraadt 197: <a name=macppc></a>
1.435 ! naddy 198: <li><h3><font color="#e00000">macppc</font></h3>
1.110 millert 199: <ul>
1.384 deraadt 200: <li>No problems identified yet.
1.385 hugh 201: </ul>
1.386 hugh 202: <p>
1.281 deraadt 203: <a name=vax></a>
1.435 ! naddy 204: <li><h3><font color="#e00000">vax</font></h3>
1.25 deraadt 205: <ul>
1.232 deraadt 206: <li>No problems identified yet.
1.25 deraadt 207: </ul>
1.144 deraadt 208:
1.197 deraadt 209: </dl>
1.25 deraadt 210: <br>
1.75 deraadt 211:
1.25 deraadt 212: <hr>
1.240 jason 213: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.381 espie 214: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 215: <br>
1.419 deraadt 216: For errata on a certain release, click below:<br>
1.418 deraadt 217: <a href="errata21.html">2.1</a>,
218: <a href="errata22.html">2.2</a>,
219: <a href="errata23.html">2.3</a>,
220: <a href="errata24.html">2.4</a>,
221: <a href="errata25.html">2.5</a>,
222: <a href="errata26.html">2.6</a>,
223: <a href="errata27.html">2.7</a>,
224: <a href="errata28.html">2.8</a>,
225: <a href="errata29.html">2.9</a>,
226: <a href="errata30.html">3.0</a>,
227: <a href="errata31.html">3.1</a>.
228: <br>
229:
1.2 deraadt 230: <hr>
1.186 deraadt 231: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.435 ! naddy 232: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! 233: <br><small>$OpenBSD: errata.html,v 1.434 2003/03/05 19:58:18 millert Exp $</small>
1.2 deraadt 234:
235: </body>
236: </html>