Annotation of www/errata.html, Revision 1.437
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 3.2 errata</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">

<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<h2><font color="#0000e0">
This is the OpenBSD 3.2 release errata &amp; patch list:

</font></h2>

<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important package updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>.
<br>
<hr>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.

<p> The patches below are available in CVS via the
<code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.

<p>
For more detailed information on how to install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
<hr>

<dl>
<a name=all></a>
<li><h3><font color="#e00000">All architectures</font></h3>
<ul>
<a name=kpr></a>
<li><font color="#009000"><strong>012: SECURITY FIX: March 19, 2003</strong></font><br>
OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
by Czech researchers Klima, Pokorny and Rosa.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=blinding></a>
<li><font color="#009000"><strong>011: SECURITY FIX: March 18, 2003</strong></font><br>
Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">An
``RSA blinding'' source code patch exists which remedies the problem</a>.
<p>
<a name=lprm></a>
<li><font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
A fix for an
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
bug made in 1996 contains an error that could lead to privilege escalation.
For OpenBSD 3.2 the impact is limited since
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
is setuid daemon, not setuid root.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=sendmail></a>
<li><font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
A buffer overflow in the envelope comments processing in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
may allow an attacker to gain root privileges.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=httpd></a>
<li><font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via the ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because NFS uses inode numbers as part of the file handle.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
<p>
<a name=ssl></a>
<li><font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 98: In
99: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
1.433 nick 100: even if incorrect block cipher padding has been found, this is a
1.429 brad 101: countermeasure. Also, check for negative sizes in memory allocation routines.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
source code patch exists which fixes these two issues</a>.
<p>
<a name=cvs></a>
<li><font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
A double free in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
could allow an attacker to execute code with the privileges of the
user running cvs. This is only an issue when the cvs command is
being run on a user's behalf as a different user. This means that,
in most cases, the issue only exists for cvs configurations that use
the <em>pserver</em> client/server connection method.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=named></a>
<li><font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
A buffer overflow in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
could allow an attacker to execute code with the privileges of named.
On OpenBSD, named runs as a non-root user in a chrooted environment,
which mitigates the effects of this bug.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=pool></a>
<li><font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
A logic error in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
kernel memory allocator could cause memory corruption in low-memory situations,
causing the system to crash.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=smrsh></a>
<li><font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
and execute arbitrary commands with the privileges of his own account.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=pfbridge></a>
<li><font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
Network
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
running
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
with scrubbing enabled could cause mbuf corruption,
causing the system to crash.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
source code patch exists which remedies the problem</a>.
<p>
<a name=kadmin></a>
<li><font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
A buffer overflow can occur in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
daemon, leading to a possible remote crash or exploit.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=i386></a>
<li><h3><font color="#e00000">i386</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=alpha></a>
<li><h3><font color="#e00000">alpha</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mac68k></a>
<li><h3><font color="#e00000">mac68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc></a>
<li><h3><font color="#e00000">sparc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc64></a>
<li><h3><font color="#e00000">sparc64</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=amiga></a>
<li><h3><font color="#e00000">amiga</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=hp300></a>
<li><h3><font color="#e00000">hp300</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mvme68k></a>
<li><h3><font color="#e00000">mvme68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=macppc></a>
<li><h3><font color="#e00000">macppc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=vax></a>
<li><h3><font color="#e00000">vax</font></h3>
<ul>
<li>No problems identified yet.
</ul>

</dl>
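<p>
The following is an added worked example of the ``RSA blinding'' countermeasure referred to in erratum 011 above; it is not code from OpenSSL or from the OpenBSD patch. Before the fix, the private exponent is applied directly to an attacker-chosen ciphertext, so the running time of the modular exponentiation depends on that ciphertext. With blinding, the exponentiation is applied to <code>c * r^e</code> for a fresh random <code>r</code>, and the factor is removed afterwards with <code>r^-1</code>, so the result is unchanged while the exponentiated value is unrelated to the input. The key material (<code>P</code>, <code>Q</code>, <code>E</code>, <code>D</code>) is a constructed textbook-size toy key and every function name is this example's own.

```python
# Added example illustrating the countermeasure named in erratum 011; this is
# not OpenSSL's or OpenBSD's code.  With blinding, the private exponent d is
# applied to c * r^e for a fresh random r instead of to the attacker-chosen
# ciphertext c, so the timing of the exponentiation no longer depends on c;
# r is removed afterwards with r^-1.
import math
import secrets

# Constructed toy key (textbook sizes, for illustration only).
P, Q = 61, 53
N = P * Q                 # 3233
E = 17
D = 2753                  # E * D == 1 mod (P - 1) * (Q - 1)


def rsa_public(m, e=E, n=N):
    """Textbook RSA public operation (encrypt / signature check)."""
    return pow(m, e, n)


def rsa_private_unblinded(c, d=D, n=N):
    """Private operation as done before the fix: d is applied directly to
    the attacker-supplied c, so the work done varies with c."""
    return pow(c, d, n)


def is_valid_blinding_factor(r, n=N):
    """r must lie in [2, n-1] and be invertible modulo n."""
    return 1 < r < n and math.gcd(r, n) == 1


def random_blinding_factor(n=N):
    """Draw r uniformly from [2, n-1] until it is invertible modulo n."""
    while True:
        r = 2 + secrets.randbelow(n - 2)
        if is_valid_blinding_factor(r, n):
            return r


def blind(c, r, e=E, n=N):
    """c' = c * r^e mod n."""
    if not is_valid_blinding_factor(r, n):
        raise ValueError("blinding factor must be invertible modulo n")
    return (c * pow(r, e, n)) % n


def unblind(m_blinded, r, n=N):
    """m = m' * r^-1 mod n, because (c * r^e)^d == m * r (mod n)."""
    return (m_blinded * pow(r, -1, n)) % n


def rsa_private_blinded(c, r=None, e=E, d=D, n=N):
    """Private operation with blinding.  r is drawn fresh on every call;
    passing it explicitly is only for reproducible tests."""
    if r is None:
        r = random_blinding_factor(n)
    return unblind(pow(blind(c, r, e, n), d, n), r, n)


if __name__ == "__main__":
    c = rsa_public(65)
    print("ciphertext", c, "-> unblinded", rsa_private_unblinded(c),
          "blinded", rsa_private_blinded(c))
```

Both private operations return the same plaintext; the difference is that the value raised to <code>d</code> inside <code>rsa_private_blinded</code> changes on every call, which is what removes the dependency between the caller's input and the time the exponentiation takes.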
<br>

<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important package updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>.
<br>

<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.436 2003/03/19 01:47:10 miod Exp $</small>

</body>
</html>
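<p>
The following is an added worked example of the countermeasure described in erratum 007 above (perform the MAC computation even when the block cipher padding is incorrect); it is not OpenSSL's code or the OpenBSD patch. A decrypted CBC record has the shape <code>data || MAC || padding</code>. A receiver that returns as soon as the padding is malformed does less work for a bad-padding record than for a bad-MAC record, and that difference is what leaks. The fixed shape computes and compares a MAC on every record, so both failure paths do the same work and only the final verdict differs. The record layout, the 20-byte HMAC-SHA1 tag, the 16-byte block size and the demo key are assumptions of this example, and the counter exists only to make the difference visible.

```python
# Added example for the countermeasure in erratum 007; this is not OpenSSL's
# code.  A decrypted CBC record is data || MAC || padding.  If the receiver
# stops as soon as the padding is malformed, a bad-padding record is rejected
# with less work than a bad-MAC record.  The fix is to compute and compare a
# MAC on every record, padding valid or not.
import hashlib
import hmac

MAC_LEN = 20            # HMAC-SHA1 tag length, as in TLS 1.0 CBC ciphersuites
BLOCK = 16              # cipher block size assumed for the padding

MAC_CALLS = {"n": 0}    # counts MAC computations so the difference is visible

DEMO_KEY = b"k" * 20    # constructed key for the demo


def record_mac(key, data):
    MAC_CALLS["n"] += 1
    return hmac.new(key, data, hashlib.sha1).digest()


def make_record(key, data):
    """data || MAC || padding (TLS style: every padding byte, including the
    final length byte, holds pad_len; total length is a multiple of BLOCK)."""
    body = data + record_mac(key, data)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def padding_length(decrypted):
    """Return pad_len if the padding is well formed, otherwise None."""
    if not decrypted:
        return None
    pad_len = decrypted[-1]
    if pad_len + 1 + MAC_LEN > len(decrypted):
        return None
    if any(b != pad_len for b in decrypted[-(pad_len + 1):]):
        return None
    return pad_len


def verify_leaky(key, decrypted):
    """Pre-fix shape: malformed padding returns before any MAC work."""
    pad_len = padding_length(decrypted)
    if pad_len is None:
        return False
    body = decrypted[:len(decrypted) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(record_mac(key, data), tag)


def verify_uniform(key, decrypted):
    """Post-fix shape: on malformed padding, proceed as if pad_len were 0 and
    still compute and compare a MAC, so both failure paths do the same work
    and only the final boolean differs."""
    pad_len = padding_length(decrypted)
    padding_ok = pad_len is not None
    if not padding_ok:
        pad_len = 0
    body = decrypted[:len(decrypted) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(record_mac(key, data), tag)
    return padding_ok and mac_ok


def demo_record():
    """A well-formed constructed record."""
    return make_record(DEMO_KEY, b"hello")


def demo_bad_padding_record():
    """Same record with the padding length byte corrupted."""
    rec = demo_record()
    return rec[:-1] + bytes([rec[-1] ^ 0xFF])


def demo_bad_mac_record():
    """Same record with the first MAC byte corrupted, padding left intact."""
    rec = demo_record()
    i = len(b"hello")
    return rec[:i] + bytes([rec[i] ^ 0x01]) + rec[i + 1:]


def run_counted(verifier, key, decrypted):
    """Run a verifier and report (accepted, number of MAC computations)."""
    MAC_CALLS["n"] = 0
    accepted = verifier(key, decrypted)
    return accepted, MAC_CALLS["n"]


if __name__ == "__main__":
    for name, rec in (("good", demo_record()),
                      ("bad padding", demo_bad_padding_record()),
                      ("bad mac", demo_bad_mac_record())):
        print(name, "leaky:", run_counted(verify_leaky, DEMO_KEY, rec),
              "uniform:", run_counted(verify_uniform, DEMO_KEY, rec))
```

For the bad-padding record, <code>verify_leaky</code> rejects without ever calling the MAC, while <code>verify_uniform</code> performs exactly one MAC computation in every case, which is the property the erratum's countermeasure restores. A production implementation would also keep the MAC input length independent of the padding, but that refinement is outside what the erratum describes.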