Annotation of www/errata.html, Revision 1.439
1.435 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.417 miod 4: <title>OpenBSD 3.2 errata</title>
1.435 naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.372 horacio 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.435 naddy 16: <h2><font color="#0000e0">
1.417 miod 17: This is the OpenBSD 3.2 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>.
37: <br>
1.94 deraadt 38: <hr>
39:
1.435 naddy 40: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
1.142 deraadt 41: You can also fetch a tar.gz file containing all the following patches</a>.
42: This file is updated once a day.
43:
1.240 jason 44: <p> The patches below are available in CVS via the
1.420 deraadt 45: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
1.278 ericj 46:
47: <p>
1.420 deraadt 48: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 49: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 50: <hr>
51:
1.197 deraadt 52: <dl>
1.43 deraadt 53: <a name=all></a>
1.435 naddy 54: <li><h3><font color="#e00000">All architectures</font></h3>
1.25 deraadt 55: <ul>
1.439 ! millert 56: <a name=kerberos></a>
! 57: <li><font color="#009000"><strong>013: SECURITY FIX: March 24, 2003</strong></font><br>
! 58: A cryptographic weaknesses in the Kerberos v4 protocol can be exploited
! 59: on Kerberos v5 as well.
! 60: <br>
! 61: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch">A
! 62: source code patch exists which remedies the problem</a>.
! 63: <p>
1.437 miod 64: <a name=kpr></a>
65: <li><font color="#009000"><strong>012: SECURITY FIX: March 19, 2003</strong></font><br>
1.438 jufi 66: OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
1.437 miod 67: by Czech researchers Klima, Pokorny and Rosa.
68: <br>
69: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch">A
70: source code patch exists which remedies the problem</a>.
71: <p>
1.436 miod 72: <a name=blinding></a>
73: <li><font color="#009000"><strong>011: SECURITY FIX: March 18, 2003</strong></font><br>
74: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
75: <br>
76: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">An
77: ``RSA blinding'' source code patch exists which remedies the problem</a>.
78: <p>
1.434 millert 79: <a name=lprm></a>
1.435 naddy 80: <li><font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
1.434 millert 81: A fix for an
82: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
83: bug made in 1996 contains an error that could lead to privilege escalation.
84: For OpenBSD 3.2 the impact is limited since
85: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
86: is setuid daemon, not setuid root.
87: <br>
88: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
89: source code patch exists which remedies the problem</a>.
90: <p>
1.431 miod 91: <a name=sendmail></a>
1.435 naddy 92: <li><font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
1.431 miod 93: A buffer overflow in the envelope comments processing in
94: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
95: may allow an attacker to gain root privileges.<br>
96: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.432 jufi 97: source code patch exists which remedies the problem</a>.
1.431 miod 98: <p>
1.430 margarid 99: <a name=httpd></a>
1.435 naddy 100: <li><font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.431 miod 101: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br>
1.430 margarid 102: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
103: <p>
1.426 margarid 104: <a name=ssl></a>
1.435 naddy 105: <li><font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.427 margarid 106: In
107: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
1.433 nick 108: even if incorrect block cipher padding has been found, this is a
1.429 brad 109: countermeasure. Also, check for negative sizes in memory allocation routines.<br>
1.426 margarid 110: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
111: source code patch exists which fixes these two issues</a>.
112: <p>
1.425 millert 113: <a name=cvs></a>
1.435 naddy 114: <li><font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
1.425 millert 115: A double free in
116: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
117: could allow an attacker to execute code with the privileges of the
118: user running cvs. This is only an issue when the cvs command is
119: being run on a user's behalf as a different user. This means that,
120: in most cases, the issue only exists for cvs configurations that use
1.429 brad 121: the <em>pserver</em> client/server connection method.<br>
1.425 millert 122: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
123: source code patch exists which remedies the problem</a>.
124: <p>
1.423 millert 125: <a name=named></a>
1.435 naddy 126: <li><font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
1.423 millert 127: A buffer overflow in
128: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
129: could allow an attacker to execute code with the privileges of named.
130: On OpenBSD, named runs as a non-root user in a chrooted environment
1.424 millert 131: which mitigates the effects of this bug.<br>
1.423 millert 132: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
133: source code patch exists which remedies the problem</a>.
134: <p>
1.422 miod 135: <a name=pool></a>
1.435 naddy 136: <li><font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 137: A logic error in the
138: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
139: kernel memory allocator could cause memory corruption in low-memory situations,
140: causing the system to crash.<br>
141: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
142: source code patch exists which remedies the problem</a>.
143: <p>
144: <a name=smrsh></a>
1.435 naddy 145: <li><font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
1.422 miod 146: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
147: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
148: and execute arbitrary commands with the privileges of his own account.<br>
149: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
150: source code patch exists which remedies the problem</a>.
151: <p>
152: <a name=pfbridge></a>
1.435 naddy 153: <li><font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.422 miod 154: Network
155: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
156: running
157: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
158: with scrubbing enabled could cause mbuf corruption,
159: causing the system to crash.<br>
160: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
161: source code patch exists which remedies the problem</a>.
162: <p>
1.421 miod 163: <a name=kadmin></a>
1.435 naddy 164: <li><font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
1.421 miod 165: A buffer overflow can occur in the
166: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
167: daemon, leading to possible remote crash or exploit.<br>
168: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
169: <p>
1.25 deraadt 170: </ul>
1.177 deraadt 171: <p>
1.42 deraadt 172: <a name=i386></a>
1.435 naddy 173: <li><h3><font color="#e00000">i386</font></h3>
1.25 deraadt 174: <ul>
1.384 deraadt 175: <li>No problems identified yet.
1.323 deraadt 176: </ul>
1.285 deraadt 177: <p>
1.323 deraadt 178: <a name=alpha></a>
1.435 naddy 179: <li><h3><font color="#e00000">alpha</font></h3>
1.323 deraadt 180: <ul>
181: <li>No problems identified yet.
1.39 deraadt 182: </ul>
1.155 deraadt 183: <p>
1.47 deraadt 184: <a name=mac68k></a>
1.435 naddy 185: <li><h3><font color="#e00000">mac68k</font></h3>
1.39 deraadt 186: <ul>
1.323 deraadt 187: <li>No problems identified yet.
1.25 deraadt 188: </ul>
1.155 deraadt 189: <p>
1.65 deraadt 190: <a name=sparc></a>
1.435 naddy 191: <li><h3><font color="#e00000">sparc</font></h3>
1.25 deraadt 192: <ul>
1.323 deraadt 193: <li>No problems identified yet.
1.39 deraadt 194: </ul>
1.177 deraadt 195: <p>
1.355 deraadt 196: <a name=sparc64></a>
1.435 naddy 197: <li><h3><font color="#e00000">sparc64</font></h3>
1.93 deraadt 198: <ul>
1.384 deraadt 199: <li>No problems identified yet.
1.25 deraadt 200: </ul>
1.155 deraadt 201: <p>
1.355 deraadt 202: <a name=amiga></a>
1.435 naddy 203: <li><h3><font color="#e00000">amiga</font></h3>
1.25 deraadt 204: <ul>
1.281 deraadt 205: <li>No problems identified yet.
1.25 deraadt 206: </ul>
1.155 deraadt 207: <p>
1.281 deraadt 208: <a name=hp300></a>
1.435 naddy 209: <li><h3><font color="#e00000">hp300</font></h3>
1.59 deraadt 210: <ul>
1.323 deraadt 211: <li>No problems identified yet.
1.59 deraadt 212: </ul>
1.155 deraadt 213: <p>
1.281 deraadt 214: <a name=mvme68k></a>
1.435 naddy 215: <li><h3><font color="#e00000">mvme68k</font></h3>
1.56 deraadt 216: <ul>
1.323 deraadt 217: <li>No problems identified yet.
1.56 deraadt 218: </ul>
1.155 deraadt 219: <p>
1.355 deraadt 220: <a name=macppc></a>
1.435 naddy 221: <li><h3><font color="#e00000">macppc</font></h3>
1.110 millert 222: <ul>
1.384 deraadt 223: <li>No problems identified yet.
1.385 hugh 224: </ul>
1.386 hugh 225: <p>
1.281 deraadt 226: <a name=vax></a>
1.435 naddy 227: <li><h3><font color="#e00000">vax</font></h3>
1.25 deraadt 228: <ul>
1.232 deraadt 229: <li>No problems identified yet.
1.25 deraadt 230: </ul>
1.144 deraadt 231:
1.197 deraadt 232: </dl>
1.25 deraadt 233: <br>
1.75 deraadt 234:
1.25 deraadt 235: <hr>
1.240 jason 236: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.381 espie 237: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 238: <br>
1.419 deraadt 239: For errata on a certain release, click below:<br>
1.418 deraadt 240: <a href="errata21.html">2.1</a>,
241: <a href="errata22.html">2.2</a>,
242: <a href="errata23.html">2.3</a>,
243: <a href="errata24.html">2.4</a>,
244: <a href="errata25.html">2.5</a>,
245: <a href="errata26.html">2.6</a>,
246: <a href="errata27.html">2.7</a>,
247: <a href="errata28.html">2.8</a>,
248: <a href="errata29.html">2.9</a>,
249: <a href="errata30.html">3.0</a>,
250: <a href="errata31.html">3.1</a>.
251: <br>
252:
1.2 deraadt 253: <hr>
1.186 deraadt 254: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.435 naddy 255: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.439 ! millert 256: <br><small>$OpenBSD: errata.html,v 1.438 2003/03/20 17:04:31 jufi Exp $</small>
1.2 deraadt 257:
258: </body>
259: </html>