File: [local] / www / errata.html (download) (as text)
Revision 1.565, Wed Sep 27 10:37:09 2006 UTC (17 years, 8 months ago) by tom
Branch: MAIN
Changes since 1.564: +1 -2 lines
Remove repeated anchor (name="mvme88k")
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 3.9 errata</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2004 by OpenBSD.">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238E">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<h2><font color="#0000e0">
This is the OpenBSD 3.9 release errata & patch list:
</font></h2>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>.
<br>
<hr>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p> The patches below are available in CVS via the
<code>OPENBSD_3_9</code> <a href="stable.html">patch branch</a>.
<p>
For more detailed information on how to install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
<hr>
<!-- Temporarily put anchors for all archs here. Remove later. -->
<a name="all"></a>
<a name="alpha"></a>
<a name="amd64"></a>
<a name="cats"></a>
<a name="hp300"></a>
<a name="hppa"></a>
<a name="i386"></a>
<a name="mac68k"></a>
<a name="macppc"></a>
<a name="mvme68k"></a>
<a name="mvme88k"></a>
<a name="sparc"></a>
<a name="sparc64"></a>
<a name="vax"></a>
<ul>
<li><a name="openssl"></a>
<font color="#009000"><strong>011: SECURITY FIX: September 8, 2006</strong></font> <i>All architectures</i><br>
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
an attacker to construct an invalid signature which OpenSSL would accept as a
valid PKCS#1 v1.5 signature.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339">CVE-2006-4339</a>
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/011_openssl.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="bind"></a>
<font color="#009000"><strong>010: SECURITY FIX: September 8, 2006</strong></font> <i>All architectures</i><br>
Two Denial of Service issues have been found with BIND.
An attacker who can perform recursive lookups on a DNS server and is able
to send a sufficiently large number of recursive queries, or is able to
get the DNS server to return more than one SIG(covered) RRsets can stop
the functionality of the DNS service.
An attacker querying an authoritative DNS server serving a RFC 2535
DNSSEC zone may be able to crash the DNS server.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095">CVE-2006-4095</a>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096">CVE-2006-4096</a>
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/010_bind.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="sppp"></a>
<font color="#009000"><strong>009: SECURITY FIX: September 2, 2006</strong></font> <i>All architectures</i><br>
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a>
connection causing the kernel to panic.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a>
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/009_sppp.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="isakmpd"></a>
<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br>
A problem in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
caused IPsec to run partly without replay protection. If
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
replay counter.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/008_isakmpd.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="sem"></a>
<font color="#009000"><strong>007: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br>
It is possible to cause the kernel to panic when more than the default number of
sempahores have been allocated.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/007_sem.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="dhcpd"></a>
<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br>
Due to an off-by-one error in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>,
it is possible to cause
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a>
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/006_dhcpd.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="sendmail3"></a>
<font color="#009000"><strong>005: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br>
A potential denial of service problem has been found in sendmail. A message
with really long header lines could trigger a use-after-free bug causing
sendmail to crash.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/005_sendmail3.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="httpd"></a>
<font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font> <i>All architectures</i><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s
mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration files,
could be triggered remotely. The default install is not affected by the
buffer overflow. CVE-2006-3747
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/004_httpd.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="sendmail2"></a>
<font color="#009000"><strong>003: SECURITY FIX: June 15, 2006</strong></font> <i>All architectures</i><br>
A potential denial of service problem has been found in sendmail. A malformed MIME
message could trigger excessive recursion which will lead to stack exhaustion.
This denial of service attack only affects delivery of mail from the queue and
delivery of a malformed message. Other incoming mail is still accepted and
delivered. However, mail messages in the queue may not be reattempted if a
malformed MIME message exists.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/003_sendmail2.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="xorg"></a>
<font color="#009000"><strong>002: SECURITY FIX: May 2, 2006</strong></font> <i>All architectures</i><br>
A security vulnerability has been found in the X.Org server --
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526">CVE-2006-1526</a>.
Clients authorized to connect to the X server are able to crash it and to execute
malicious code within the X server.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="sendmail"></a>
<font color="#009000"><strong>001: SECURITY FIX: March 25, 2006</strong></font> <i>All architectures</i><br>
A race condition has been reported to exist in the handling by sendmail of
asynchronous signals. A remote attacker may be able to execute arbitrary code with the
privileges of the user running sendmail, typically root. This is the second revision of
this patch.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
</ul>
<br>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>.
<br>
<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.565 2006/09/27 10:37:09 tom Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www