Annotation of www/errata.html, Revision 1.436
1.435 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.435 naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.435 naddy 16: <h2><font color="#0000e0">
1.417 miod 17: This is the OpenBSD 3.2 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important package updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.435 naddy 40: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.435 naddy 54: <li><h3><font color="#e00000">All architectures</font></h3>
1.25 deraadt 55: <ul>
1.436 ! miod 56: <a name=blinding></a>
! 57: <li><font color="#009000"><strong>011: SECURITY FIX: March 18, 2003</strong></font><br>
! 58: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
! 59: <br>
! 60: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">An
! 61: ``RSA blinding'' source code patch exists which remedies the problem</a>.
! 62: <p>
1.434 millert 63: <a name=lprm></a>
1.435 naddy 64: <li><font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
1.434 millert 65: A fix for an
66: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
67: bug made in 1996 contains an error that could lead to privilege escalation.
68: For OpenBSD 3.2 the impact is limited since
69: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
70: is setuid daemon, not setuid root.
71: <br>
72: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
73: source code patch exists which remedies the problem</a>.
74: <p>
1.431 miod 75: <a name=sendmail></a>
1.435 naddy 76: <li><font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
1.431 miod 77: A buffer overflow in the envelope comments processing in
78: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
79: may allow an attacker to gain root privileges.<br>
80: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.432 jufi 81: source code patch exists which remedies the problem</a>.
1.431 miod 82: <p>
1.430 margarid 83: <a name=httpd></a>
1.435 naddy 84: <li><font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.431 miod 85: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via the ETag header, as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation, because NFS uses inode numbers as part of the file handle.<br>
1.430 margarid 86: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
87: <p>
1.426 margarid 88: <a name=ssl></a>
1.435 naddy 89: <li><font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 90: In
91: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing. As a countermeasure, a MAC computation
1.433 nick 92: is performed even if incorrect block cipher padding has been found.
1.429 brad 93: The patch also checks for negative sizes in memory allocation routines.<br>
1.426 margarid 94: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
95: source code patch exists which fixes these two issues</a>.
96: <p>
1.425 millert 97: <a name=cvs></a>
1.435 naddy 98: <li><font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
1.425 millert 99: A double free in
100: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
101: could allow an attacker to execute code with the privileges of the
102: user running cvs. This is only an issue when the cvs command is
103: being run on a user's behalf as a different user. This means that,
104: in most cases, the issue only exists for cvs configurations that use
1.429 brad 105: the <em>pserver</em> client/server connection method.<br>
1.425 millert 106: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
107: source code patch exists which remedies the problem</a>.
108: <p>
1.423 millert 109: <a name=named></a>
1.435 naddy 110: <li><font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
1.423 millert 111: A buffer overflow in
112: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
113: could allow an attacker to execute code with the privileges of named.
114: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 115: which mitigates the effects of this bug.<br>
1.423 millert 116: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
117: source code patch exists which remedies the problem</a>.
118: <p>
1.422 miod 119: <a name=pool></a>
1.435 naddy 120: <li><font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 121: A logic error in the
122: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
123: kernel memory allocator could cause memory corruption in low-memory situations,
124: causing the system to crash.<br>
125: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
126: source code patch exists which remedies the problem</a>.
127: <p>
128: <a name=smrsh></a>
1.435 naddy 129: <li><font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
1.422 miod 130: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
131: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
132: and execute arbitrary commands with the privileges of his own account.<br>
133: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
134: source code patch exists which remedies the problem</a>.
135: <p>
136: <a name=pfbridge></a>
1.435 naddy 137: <li><font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 138: Network
139: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
140: running
141: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
142: with scrubbing enabled could cause mbuf corruption,
143: causing the system to crash.<br>
144: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
145: source code patch exists which remedies the problem</a>.
146: <p>
1.421 miod 147: <a name=kadmin></a>
1.435 naddy 148: <li><font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
1.421 miod 149: A buffer overflow can occur in the
150: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
151: daemon, leading to possible remote crash or exploit.<br>
152: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
153: <p>
1.25 deraadt 154: </ul>
1.177 deraadt 155: <p>
1.42 deraadt 156: <a name=i386></a>
1.435 naddy 157: <li><h3><font color="#e00000">i386</font></h3>
1.25 deraadt 158: <ul>
1.384 deraadt 159: <li>No problems identified yet.
1.323 deraadt 160: </ul>
1.285 deraadt 161: <p>
1.323 deraadt 162: <a name=alpha></a>
1.435 naddy 163: <li><h3><font color="#e00000">alpha</font></h3>
1.323 deraadt 164: <ul>
165: <li>No problems identified yet.
1.39 deraadt 166: </ul>
1.155 deraadt 167: <p>
1.47 deraadt 168: <a name=mac68k></a>
1.435 naddy 169: <li><h3><font color="#e00000">mac68k</font></h3>
1.39 deraadt 170: <ul>
1.323 deraadt 171: <li>No problems identified yet.
1.25 deraadt 172: </ul>
1.155 deraadt 173: <p>
1.65 deraadt 174: <a name=sparc></a>
1.435 naddy 175: <li><h3><font color="#e00000">sparc</font></h3>
1.25 deraadt 176: <ul>
1.323 deraadt 177: <li>No problems identified yet.
1.39 deraadt 178: </ul>
1.177 deraadt 179: <p>
1.355 deraadt 180: <a name=sparc64></a>
1.435 naddy 181: <li><h3><font color="#e00000">sparc64</font></h3>
1.93 deraadt 182: <ul>
1.384 deraadt 183: <li>No problems identified yet.
1.25 deraadt 184: </ul>
1.155 deraadt 185: <p>
1.355 deraadt 186: <a name=amiga></a>
1.435 naddy 187: <li><h3><font color="#e00000">amiga</font></h3>
1.25 deraadt 188: <ul>
1.281 deraadt 189: <li>No problems identified yet.
1.25 deraadt 190: </ul>
1.155 deraadt 191: <p>
1.281 deraadt 192: <a name=hp300></a>
1.435 naddy 193: <li><h3><font color="#e00000">hp300</font></h3>
1.59 deraadt 194: <ul>
1.323 deraadt 195: <li>No problems identified yet.
1.59 deraadt 196: </ul>
1.155 deraadt 197: <p>
1.281 deraadt 198: <a name=mvme68k></a>
1.435 naddy 199: <li><h3><font color="#e00000">mvme68k</font></h3>
1.56 deraadt 200: <ul>
1.323 deraadt 201: <li>No problems identified yet.
1.56 deraadt 202: </ul>
1.155 deraadt 203: <p>
1.355 deraadt 204: <a name=macppc></a>
1.435 naddy 205: <li><h3><font color="#e00000">macppc</font></h3>
1.110 millert 206: <ul>
1.384 deraadt 207: <li>No problems identified yet.
1.385 hugh 208: </ul>
1.386 hugh 209: <p>
1.281 deraadt 210: <a name=vax></a>
1.435 naddy 211: <li><h3><font color="#e00000">vax</font></h3>
1.25 deraadt 212: <ul>
1.232 deraadt 213: <li>No problems identified yet.
1.25 deraadt 214: </ul>
1.144 deraadt 215:
1.197 deraadt 216: </dl>
1.25 deraadt 217: <br>
1.75 deraadt 218:
236:
1.2 deraadt 237: <hr>
1.186 deraadt 238: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.435 naddy 239: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.436 ! miod 240: <br><small>$OpenBSD: errata.html,v 1.435 2003/03/06 21:44:07 naddy Exp $</small>
1.2 deraadt 241:
242: </body>
243: </html>