Annotation of www/errata.html, Revision 1.454
1.435 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.440 deraadt 4: <title>OpenBSD 3.3 errata</title>
1.435 naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.441 margarid 10: <meta name="copyright" content="This document copyright 1997-2003 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.394 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.435 naddy 16: <h2><font color="#0000e0">
1.440 deraadt 17: This is the OpenBSD 3.3 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.380 espie 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 24: <br>
1.419 deraadt 25: For errata on a certain release, click below:<br>
1.418 deraadt 26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
1.440 deraadt 36: <a href="errata31.html">3.1</a>,
37: <a href="errata32.html">3.2</a>.
1.418 deraadt 38: <br>
1.94 deraadt 39: <hr>
40:
1.441 margarid 41: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz">
1.142 deraadt 42: You can also fetch a tar.gz file containing all the following patches</a>.
43: This file is updated once a day.
44:
1.240 jason 45: <p> The patches below are available in CVS via the
1.441 margarid 46: <code>OPENBSD_3_3</code> <a href="stable.html">patch branch</a>.
1.278 ericj 47:
48: <p>
1.420 deraadt 49: For more detailed information on how to install patches to OpenBSD, please
1.409 jufi 50: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.142 deraadt 51: <hr>
52:
1.197 deraadt 53: <dl>
1.43 deraadt 54: <a name=all></a>
1.435 naddy 55: <li><h3><font color="#e00000">All architectures</font></h3>
1.25 deraadt 56: <ul>
1.453 millert 57: <a name=asn1></a>
58: <li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br>
59: The use of certain ASN.1 encodings or malformed public keys may allow an
60: attacker to mount a denial of service attack against applications linked with
61: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>.
62: This does not affect OpenSSH.
63: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">A source code patch exists which remedies the problem</a>.<br>
1.454 ! mcbride 64: <a name=pfnorm></a>
! 65: <li><font color="#009000"><strong>006: SECURITY FIX: October 1, 2003</strong></font><br>
! 66: Three cases of potential access to freed memory have been found in
! 67: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=4">pf</a>.
! 68: At least one of them could be used to panic pf with active scrub rules remotely.
! 69: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br>
1.451 millert 70: <a name=sendmail></a>
71: <li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br>
72: A buffer overflow in the address parsing in
73: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
74: may allow an attacker to gain root privileges.<br>
1.452 millert 75: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">A source code patch exists which remedies the problem</a>.<br>
76: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
77: problem.
1.451 millert 78: <p>
1.449 millert 79: <a name=sshbuffer></a>
80: <li><font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br>
81: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
1.451 millert 82: It is unclear whether or not this bug is exploitable.<br>
1.449 millert 83: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A
1.451 millert 84: source code patch exists which remedies the problem</a>.<br>
1.450 millert 85: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
86: problem.
1.449 millert 87: <p>
1.448 millert 88: <a name=sysvsem></a>
89: <li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br>
90: Root may be able to reduce the security level by taking advantage of
91: an integer overflow when the semaphore limits are made very large.<br>
92: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">A
93: source code patch exists which remedies the problem</a>.
94: <p>
95: <a name=semget></a>
1.446 millert 96: <li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br>
1.445 millert 97: An improper bounds check in the
1.446 millert 98: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a>
1.445 millert 99: system call can allow a local user to cause a kernel panic.<br>
100: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">A
101: source code patch exists which remedies the problem</a>.
1.443 millert 102: <a name=realpath></a>
1.447 jufi 103: <p>
1.443 millert 104: <li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br>
105: An off-by-one error exists in the C library function
106: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>.
107: Since this same bug resulted in a root compromise in the wu-ftpd ftp server
108: it is possible that this bug may allow an attacker to gain escalated privileges
109: on OpenBSD.<br>
1.444 millert 110: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">A
1.443 millert 111: source code patch exists which remedies the problem</a>.
112: <p>
1.25 deraadt 113: </ul>
1.177 deraadt 114: <p>
1.42 deraadt 115: <a name=i386></a>
1.435 naddy 116: <li><h3><font color="#e00000">i386</font></h3>
1.25 deraadt 117: <ul>
1.384 deraadt 118: <li>No problems identified yet.
1.323 deraadt 119: </ul>
1.285 deraadt 120: <p>
1.323 deraadt 121: <a name=alpha></a>
1.435 naddy 122: <li><h3><font color="#e00000">alpha</font></h3>
1.323 deraadt 123: <ul>
124: <li>No problems identified yet.
1.39 deraadt 125: </ul>
1.155 deraadt 126: <p>
1.47 deraadt 127: <a name=mac68k></a>
1.435 naddy 128: <li><h3><font color="#e00000">mac68k</font></h3>
1.39 deraadt 129: <ul>
1.323 deraadt 130: <li>No problems identified yet.
1.25 deraadt 131: </ul>
1.155 deraadt 132: <p>
1.65 deraadt 133: <a name=sparc></a>
1.435 naddy 134: <li><h3><font color="#e00000">sparc</font></h3>
1.25 deraadt 135: <ul>
1.323 deraadt 136: <li>No problems identified yet.
1.39 deraadt 137: </ul>
1.177 deraadt 138: <p>
1.355 deraadt 139: <a name=sparc64></a>
1.435 naddy 140: <li><h3><font color="#e00000">sparc64</font></h3>
1.93 deraadt 141: <ul>
1.384 deraadt 142: <li>No problems identified yet.
1.25 deraadt 143: </ul>
1.155 deraadt 144: <p>
1.442 henning 145: <a name=hppa></a>
146: <li><h3><font color="#e00000">hppa</font></h3>
1.25 deraadt 147: <ul>
1.281 deraadt 148: <li>No problems identified yet.
1.25 deraadt 149: </ul>
1.155 deraadt 150: <p>
1.281 deraadt 151: <a name=hp300></a>
1.435 naddy 152: <li><h3><font color="#e00000">hp300</font></h3>
1.59 deraadt 153: <ul>
1.323 deraadt 154: <li>No problems identified yet.
1.59 deraadt 155: </ul>
1.155 deraadt 156: <p>
1.281 deraadt 157: <a name=mvme68k></a>
1.435 naddy 158: <li><h3><font color="#e00000">mvme68k</font></h3>
1.56 deraadt 159: <ul>
1.323 deraadt 160: <li>No problems identified yet.
1.56 deraadt 161: </ul>
1.155 deraadt 162: <p>
1.355 deraadt 163: <a name=macppc></a>
1.435 naddy 164: <li><h3><font color="#e00000">macppc</font></h3>
1.110 millert 165: <ul>
1.384 deraadt 166: <li>No problems identified yet.
1.385 hugh 167: </ul>
1.386 hugh 168: <p>
1.281 deraadt 169: <a name=vax></a>
1.435 naddy 170: <li><h3><font color="#e00000">vax</font></h3>
1.25 deraadt 171: <ul>
1.232 deraadt 172: <li>No problems identified yet.
1.25 deraadt 173: </ul>
1.144 deraadt 174:
1.197 deraadt 175: </dl>
1.25 deraadt 176: <br>
1.75 deraadt 177:
1.25 deraadt 178: <hr>
1.240 jason 179: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.381 espie 180: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
1.418 deraadt 181: <br>
1.419 deraadt 182: For errata on a certain release, click below:<br>
1.418 deraadt 183: <a href="errata21.html">2.1</a>,
184: <a href="errata22.html">2.2</a>,
185: <a href="errata23.html">2.3</a>,
186: <a href="errata24.html">2.4</a>,
187: <a href="errata25.html">2.5</a>,
188: <a href="errata26.html">2.6</a>,
189: <a href="errata27.html">2.7</a>,
190: <a href="errata28.html">2.8</a>,
191: <a href="errata29.html">2.9</a>,
192: <a href="errata30.html">3.0</a>,
1.440 deraadt 193: <a href="errata31.html">3.1</a>,
194: <a href="errata32.html">3.2</a>.
1.418 deraadt 195: <br>
196:
1.2 deraadt 197: <hr>
1.186 deraadt 198: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.435 naddy 199: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.454 ! mcbride 200: <br><small>$OpenBSD: errata.html,v 1.453 2003/10/03 22:40:47 millert Exp $</small>
1.2 deraadt 201:
202: </body>
203: </html>