File: [local] / www / errata.html (download) (as text)
Revision 1.256, Wed Jul 5 22:53:09 2000 UTC (23 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.255: +2 -3 lines
only affects anonftp
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD 2.7 errata</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
<h2><font color=#0000e0>
This is the OpenBSD 2.7 release errata & patch list:
</font></h2>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
<a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
<a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
<hr>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7.tar.gz>
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p> The patches below are available in CVS via the
<code>OPENBSD_2_7</code> <a href="stable.html">patch branch</a>.
<hr>
<dl>
<a name=all></a>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<a name=ftpd></a>
<li><font color=#009000><strong>019: SECURITY FIX: July 5, 2000</strong></font><br>
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/019_ftpd.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=mopd></a>
<li><font color=#009000><strong>018: SECURITY FIX: July 5, 2000</strong></font><br>
Mopd contained a buffer overflow.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=screen></a>
<li><font color=#009000><strong>017: INSTALLATION FIX: July 3, 2000</strong></font>
<br>
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
name screen-3.9.5p1.tgz.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/ports/017_screen.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=libedit></a>
<li><font color=#009000><strong>013: SECURITY FIX: June 28, 2000</strong></font><br>
libedit would check for a <b>.editrc</b> file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/013_libedit.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=dhclient></a>
<li><font color=#009000><strong>012: SECURITY FIX: June 24, 2000</strong></font><br>
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/012_dhclient.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=isakmpd></a>
<li><font color=#009000><strong>009: SECURITY FIX: June 9, 2000</strong></font><br>
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/009_isakmpd.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=msdosfs></a>
<li><font color=#009000><strong>008: RELIABILITY FIX: June 8, 2000</strong></font><br>
Some operations in msdosfs could result in a system panic.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/008_msdosfs.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=cd9660></a>
<li><font color=#009000><strong>007: RELIABILITY FIX: June 8, 2000</strong></font><br>
NFS exporting of CD filesystems caused a system panic.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/007_cd9660.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=uselogin></a>
<li><font color=#009000><strong>006: SECURITY FIX: June 6, 2000</strong></font><br>
The non-default UseLogin feature in <b>/etc/sshd_config</b> is broken and should not
be used. On other operating systems, it results in a hole.<br>
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
<p>
<a name=ipopts></a>
<li><font color=#009000><strong>005: RELIABILITY FIX: May 29, 2000</strong></font><br>
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/005_ipopts.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=route></a>
<li><font color=#009000><strong>004: RELIABILITY FIX: May 29, 2000</strong></font><br>
Certain routing table modifications by the superuser could cause a system panic.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/004_route.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=bridge></a>
<li><font color=#009000><strong>003: SECURITY FIX: May 26, 2000</strong></font><br>
It is possible to bypass the <i>learning</i> flag on an interface if frames
go directly to the machine acting as a
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge</a>.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/003_bridge.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=ef></a>
<li><font color=#009000><strong>002: DRIVER FIX: May 26, 2000</strong></font><br>
The
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ef&sektion=4">ef(4)</a>
driver will complain when adding an address with ifconfig
(ifconfig: SIOCAIFADDR: Invalid argument).<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/002_ef.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=ipf></a>
<li><font color=#009000><strong>001: SECURITY FIX: May 25, 2000</strong></font><br>
A misuse of
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipf&sektion=8">ipf(8)</a>
<i>keep-state</i> rules can result in firewall rules being bypassed.<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/001_ipf.patch>
A source code patch exists</a>, which remedies this problem, and updates ipf
to version 3.3.16.
<p>
</ul>
<p>
<a name=i386></a>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<a name=xlhash></a>
<li><font color=#009000><strong>016: DRIVER BUG: July 2, 2000</strong></font><br>
The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>
driver supporting various 3com cards, had a bug which prevented the multicast
filter from working correctly on the 3c905B, thus preventing many IPv6 things
from working.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/016_xlhash.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=ste></a>
<li><font color=#009000><strong>015: DRIVER BUG: June 30, 2000</strong></font><br>
The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ste&sektion=4">ste(4)</a>
driver supporting Ethernet cards based on the Sundance ST201 chipset
(i.e., the D-Link 550TX) has a bug which causes the machine to panic at
boot-time.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/015_ste.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=pcvt></a>
<li><font color=#009000><strong>014: DRIVER BUG: June 30, 2000</strong></font><br>
The PC console driver (PCVT) has two bugs. Display problems can result if
reverse video mode is turned on or off twice in a row. This patch also
fixes a problem with scrolling region handling that has been seen by many
users trying to use the BitchX irc client with the screen program.<br>
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/014_pcvt.patch>
There is now a second revision of the source code patch which remedies this problem.</a>
<p>
<a name=if_an></a>
<li><font color=#009000><strong>011: DRIVER BUG: June 17, 2000</strong></font><br>
The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>
Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ancontrol&sektion=8">ancontrol(8)</a> from working correctly, instead causing a panic.
<br>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/011_an.patch>
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<p>
<a name=mac68k></a>
<li><h3><font color=#e00000>mac68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc></a>
<li><h3><font color=#e00000>sparc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=amiga></a>
<li><h3><font color=#e00000>amiga</font></h3>
<ul>
<a name=amiga_cd></a>
<li><font color=#009000><strong>010: CD DISTRIBUTION ERROR: June 15, 2000</strong></font><br>
On the 2.7 CD media, the <b>amiga</b> distribution contains two pairs of archives
files for installation, ie:
<pre>
-rw-r--r-- 1 root mirftp 20191465 Apr 29 14:27 base27.tar.gz
-rw-r--r-- 1 root mirftp 20291753 May 13 19:33 base27.tgz
-rw-r--r-- 1 root mirftp 13699507 Apr 29 14:26 comp27.tar.gz
-rw-r--r-- 1 root mirftp 13748096 May 13 19:33 comp27.tgz
-rw-r--r-- 1 root mirftp 1005376 Apr 29 14:26 etc27.tar.gz
-rw-r--r-- 1 root mirftp 1010772 May 13 19:33 etc27.tgz
-rw-r--r-- 1 root mirftp 2755567 Apr 29 14:26 game27.tar.gz
-rw-r--r-- 1 root mirftp 2755624 May 13 19:33 game27.tgz
-rw-r--r-- 1 root mirftp 5002872 Apr 29 14:26 man27.tar.gz
-rw-r--r-- 1 root mirftp 5038896 May 13 19:33 man27.tgz
-rw-r--r-- 1 root mirftp 1684356 Apr 29 14:26 misc27.tar.gz
-rw-r--r-- 1 root mirftp 1684381 May 13 19:33 misc27.tgz
</pre>
The installation script will list ALL of these files. For proper
operation one should install the <b>*.tgz</b> versions, and deselect
the <b>*.tar.gz</b> versions.<br>
The FTP area sets do not suffer from this problem.
<p>
</ul>
<p>
<a name=pmax></a>
<li><h3><font color=#e00000>pmax</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=arc></a>
<li><h3><font color=#e00000>arc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=alpha></a>
<li><h3><font color=#e00000>alpha</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=hp300></a>
<li><h3><font color=#e00000>hp300</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mvme68k></a>
<li><h3><font color=#e00000>mvme68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=powerpc></a>
<li><h3><font color=#e00000>powerpc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
</dl>
<br>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
<a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
<a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.256 2000/07/05 22:53:09 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www