| version 1.76, 2014/10/02 14:34:45 |
version 1.77, 2015/02/14 04:36:51 |
|
|
| <hr> |
<hr> |
| |
|
| <ul> |
<ul> |
| <li><a name="ipsec"></a> |
<li id="ipsec"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><a name="xterm-xaw"></a> |
<li id="xterm-xaw"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
| We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
| <p> |
<p> |
| <li><a name="rmjob"></a> |
<li id="rmjob"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <li><a name="uucpd"></a> |
<li id="uucpd"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A DNS-based vulnerability exists when uucpd is used. By default uucpd |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <li><a name="named"></a> |
<li id="named"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A vulnerability exists when (and only when) /etc/named.conf has the |
A vulnerability exists when (and only when) /etc/named.conf has the |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <li><a name="ping"></a> |
<li id="ping"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A vulnerability exists in ping(8); if the -R option is used to record |
A vulnerability exists in ping(8); if the -R option is used to record |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <li><a name="sourceroute"></a> |
<li id="sourceroute"> |
| <strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
| If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
| enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
| A kernel patch is provided</a>. |
A kernel patch is provided</a>. |
| <p> |
<p> |
| <li><a name="ruserok"></a> |
<li id="ruserok"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A combination localhost+remote host security problem exists if a |
A combination localhost+remote host security problem exists if a |
|
|
| The problem with the ruserok() function appears to also exist in |
The problem with the ruserok() function appears to also exist in |
| ssh 1.2.21 and previous (the ssh people have been alerted). |
ssh 1.2.21 and previous (the ssh people have been alerted). |
| <p> |
<p> |
| <li><a name="mmap"></a> |
<li id="mmap"> |
| <strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
<strong><font color="#009000">SECURITY FIX</font></strong> <i>All architectures</i><br> |
| A bug in the vm system permits a file descriptor opened read-only on a |
A bug in the vm system permits a file descriptor opened read-only on a |
| device, to later on be mmap(2)'d read-write, and then modified. This |
device, to later on be mmap(2)'d read-write, and then modified. This |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
| A replacement source file exists</a>. |
A replacement source file exists</a>. |
| <p> |
<p> |
| <li><a name="mountd"></a> |
<li id="mountd"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| If a line in /etc/exports which contains hostnames results in an empty |
If a line in /etc/exports which contains hostnames results in an empty |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
| A patch</a> to return EINVAL in this case is available. |
A patch</a> to return EINVAL in this case is available. |
| <p> |
<p> |
| <li><a name="f00f"></a> |
<li id="f00f"> |
| <font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
| The Intel P5 F00F bug was discovered after the CDRs had already been |
The Intel P5 F00F bug was discovered after the CDRs had already been |
| sent to the manufacturer. This problem permits any user who has an account |
sent to the manufacturer. This problem permits any user who has an account |
|
|
| <a href="http://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
<a href="http://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
| and a replacement for bsd.rd is coming soon. |
and a replacement for bsd.rd is coming soon. |
| <p> |
<p> |
| <li><a name="sparciommu"></a> |
<li id="sparciommu"> |
| <font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
| SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
| using a custom kernel configured for option sun4m only. |
using a custom kernel configured for option sun4m only. |
|
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
| A source code patch is available</a>. |
A source code patch is available</a>. |
| <p> |
<p> |
| <li><a name="ldso"></a> |
<li id="ldso"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
| A security problem in the shared library linker <strong>ld.so</strong> |
A security problem in the shared library linker <strong>ld.so</strong> |
| requires that you replace it with a new binary. The following binary |
requires that you replace it with a new binary. The following binary |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata22.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www