Revision 1.495, Sun May 30 22:40:51 2004 UTC by beck
Branch: MAIN
Changes since 1.494: +17 -1 lines

Add kerberos patch info for kdc cross-realm trust flaw
ok brad@

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 3.5 errata</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2004 by OpenBSD.">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>

<body bgcolor="#ffffff" text="#000000" link="#23238E">

<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<h2><font color="#0000e0">
This is the OpenBSD 3.5 release errata &amp; patch list:

</font></h2>

<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>.
<br>
<hr>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.

<p> The patches below are available in CVS via the
<code>OPENBSD_3_5</code> <a href="stable.html">patch branch</a>.

<p>
For more detailed information on how to install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
<hr>

<a name="all"></a>
<h3><font color="#e00000">All architectures</font></h3>
<ul>
<li><a name="kerberos"></a>
<font color="#009000"><strong>009: SECURITY FIX: May 30,
2004</strong></font><br>
A flaw in the Kerberos V <A
HREF="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a>
server could result in the administrator of a Kerberos realm having
the ability to impersonate any principal in any other realm which
has established a cross-realm trust with their realm. The flaw is due to
inadequate checking of the "transited" field in a Kerberos request. For
more details see <A HREF="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">
Heimdal's announcement</A>. 
<br>
<a
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="xdm"></a>
<font color="#009000"><strong>008: SECURITY FIX: May 26,
2004</strong></font><br>
With the introduction of IPv6 code in
<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&amp;apropos=0&amp;sektion=0&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">xdm(1)</a>,
one test on the 'requestPort' resource was deleted by accident. As a
result, xdm creates the chooser socket even when XDMCP has been disabled in
xdm-config by setting requestPort to 0. See
<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86
bugzilla</a> for details. 
<br>
<a
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="cvs2"></a>
<font color="#009000"><strong>007: SECURITY FIX: May 20,
2004</strong></font><br>
A heap overflow in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
server has been discovered that can be exploited by clients sending
malformed requests, enabling these clients to run arbitrary code
with the same privileges as the CVS server program.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="procfs"></a>
<font color="#009000"><strong>006: SECURITY FIX: May 13,
2004</strong></font><br>
Check for integer overflow in procfs.  Use of procfs is not recommended.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="tcp"></a>
<font color="#009000"><strong>005: RELIABILITY FIX: May 6,
2004</strong></font><br>
Reply to in-window SYN with a rate-limited ACK.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="scsi"></a>
<font color="#009000"><strong>004: RELIABILITY FIX: May 5,
2004</strong></font><br>
Restore the ability to negotiate tags/wide/sync with some SCSI controllers (i.e.
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">siop(4)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trm&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">trm(4)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">iha(4)</a>).
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="gdt"></a>
<font color="#009000"><strong>003: RELIABILITY FIX: May 5,
2004</strong></font><br>
Under load, "recent model"
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">gdt(4)</a>
controllers will lock up.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="cvs"></a>
<font color="#009000"><strong>002: SECURITY FIX: May 5,
2004</strong></font><br>
Pathname validation problems have been found in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>,
allowing malicious clients to create files outside the repository, allowing
malicious servers to overwrite files outside the local CVS tree on
the client and allowing clients to check out files outside the CVS
repository.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
</ul>
<p>
<a name="i386"></a>
<h3><font color="#e00000">i386</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="alpha"></a>
<h3><font color="#e00000">alpha</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="amd64"></a>
<h3><font color="#e00000">amd64</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="cats"></a>
<h3><font color="#e00000">cats</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="mac68k"></a>
<h3><font color="#e00000">mac68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="sparc"></a>
<h3><font color="#e00000">sparc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="sparc64"></a>
<h3><font color="#e00000">sparc64</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="hppa"></a>
<h3><font color="#e00000">hppa</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="hp300"></a>
<h3><font color="#e00000">hp300</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="mvme68k"></a>
<h3><font color="#e00000">mvme68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="mvme88k"></a>
<h3><font color="#e00000">mvme88k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name="macppc"></a>
<h3><font color="#e00000">macppc</font></h3>
<ul>
<li><a name="autobook_package"></a>
<font color="#009000"><strong>001: BROKEN PACKAGE ON CD: May 4, 2004</strong></font><br>
The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt,
and will not extract.
A replacement package can be found on the ftp sites.
<p>
</ul>
<p>
<a name="vax"></a>
<h3><font color="#e00000">vax</font></h3>
<ul>
<li>No problems identified yet.
</ul>

<br>


<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.495 2004/05/30 22:40:51 beck Exp $</small>

</body>
</html>