version 1.76, 2014/10/02 14:34:45 |
version 1.77, 2015/02/14 04:36:51 |
|
|
<hr> |
<hr> |
|
|
<ul> |
<ul> |
<li><a name="ipsec"></a> |
<li id="ipsec"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
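Review bot: the right-hand side of the changed line replaces the empty named anchor with <li id="ipsec">, but the next line still uses the presentational <font color="#009000"> wrapper, so the item is only partly converted. The id reuses the old name value, so existing #ipsec links keep resolving. If the aim of this revision is to drop obsolete markup, the font element could be replaced with a class on the <strong> in the same pass, or that work could be noted as a follow-up.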
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="xterm-xaw"></a> |
<li id="xterm-xaw"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
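Review bot: the new <li id="xterm-xaw"> still sits directly after a bare <p>, so the previous item continues to rely on an empty paragraph for spacing and on implied </p> and </li> end tags. Since every item's opening tag is being edited anyway, consider closing the preceding item explicitly with </li> and dropping the spacer <p>. Otherwise the same pattern repeats unchanged in each later hunk.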
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
<p> |
<p> |
<li><a name="rmjob"></a> |
<li id="rmjob"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
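Review bot: the context lines at the top of this hunk link xterm-xaw.patch over plain http://, which gives a reader no transport integrity when fetching a security patch. This revision leaves the href untouched. If the host serves the same path over TLS, the scheme could be updated in a follow-up. The same applies to the other patch links visible in the context lines.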
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<li><a name="uucpd"></a> |
<li id="uucpd"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<li><a name="named"></a> |
<li id="named"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A vulnerability exists when (and only when) /etc/named.conf has the |
A vulnerability exists when (and only when) /etc/named.conf has the |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<li><a name="ping"></a> |
<li id="ping"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A vulnerability exists in ping(8); if the -R option is used to record |
A vulnerability exists in ping(8); if the -R option is used to record |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<li><a name="sourceroute"></a> |
<li id="sourceroute"> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
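Review bot: the label line following <li id="sourceroute"> nests the tags as <strong><font color="#009000">, while the ipsec, xterm-xaw, rmjob, uucpd, named and ping hunks use <font color="#009000"><strong>. It also puts <i>All architectures</i> on the same line rather than on its own. The rendering is the same, but the inconsistency defeats a simple search for the label markup. Suggest normalising the nesting order here, and in the mmap hunk, which has the same form.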
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
A kernel patch is provided</a>. |
A kernel patch is provided</a>. |
<p> |
<p> |
<li><a name="ruserok"></a> |
<li id="ruserok"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A combination localhost+remote host security problem exists if a |
A combination localhost+remote host security problem exists if a |
|
|
The problem with the ruserok() function appears to also exist in |
The problem with the ruserok() function appears to also exist in |
ssh 1.2.21 and previous (the ssh people have been alerted). |
ssh 1.2.21 and previous (the ssh people have been alerted). |
<p> |
<p> |
<li><a name="mmap"></a> |
<li id="mmap"> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
A bug in the vm system permits a file descriptor opened read-only on a |
A bug in the vm system permits a file descriptor opened read-only on a |
device, to later on be mmap(2)'d read-write, and then modified. This |
device, to later on be mmap(2)'d read-write, and then modified. This |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
A replacement source file exists</a>. |
A replacement source file exists</a>. |
<p> |
<p> |
<li><a name="mountd"></a> |
<li id="mountd"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If a line in /etc/exports which contains hostnames results in an empty |
If a line in /etc/exports which contains hostnames results in an empty |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
A patch</a> to return EINVAL in this case is available. |
A patch</a> to return EINVAL in this case is available. |
<p> |
<p> |
<li><a name="f00f"></a> |
<li id="f00f"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
The Intel P5 F00F bug was discovered after the CDRs had already been |
The Intel P5 F00F bug was discovered after the CDRs had already been |
sent to the manufacturer. This problem permits any user who has an account |
sent to the manufacturer. This problem permits any user who has an account |
|
|
<a href="http://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
<a href="http://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
and a replacement for bsd.rd is coming soon. |
and a replacement for bsd.rd is coming soon. |
<p> |
<p> |
<li><a name="sparciommu"></a> |
<li id="sparciommu"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
using a custom kernel configured for option sun4m only. |
using a custom kernel configured for option sun4m only. |
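Review bot: the first context line of this hunk links bsd.scsi3 via http://ftp.OpenBSD.org/, whereas every other patch link visible in the diff uses the lowercase host ftp.openbsd.org. Host names are case-insensitive, so the link works, but the mixed spelling is easy to miss when links are later rewritten by pattern. Suggest lowercasing the host in a follow-up so all patch URLs match.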
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
A source code patch is available</a>. |
A source code patch is available</a>. |
<p> |
<p> |
<li><a name="ldso"></a> |
<li id="ldso"> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
A security problem in the shared library linker <strong>ld.so</strong> |
A security problem in the shared library linker <strong>ld.so</strong> |
requires that you replace it with a new binary. The following binary |
requires that you replace it with a new binary. The following binary |