version 1.95, 2019/05/27 22:55:19 |
version 1.96, 2019/05/28 16:32:41 |
|
|
<hr> |
<hr> |
|
|
<ul> |
<ul> |
|
|
<li id="ipsec"> |
<li id="ipsec"> |
<strong>SECURITY FIX</strong> |
<strong>001: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ipsec.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="xterm-xaw"> |
<li id="xterm-xaw"> |
<strong>SECURITY FIX</strong> |
<strong>002: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
overrun problems in <b>xterm</b> related to the input-Method, |
overrun problems in <b>xterm</b> related to the input-Method, |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch"> |
We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>. |
<p> |
<p> |
|
|
<li id="rmjob"> |
<li id="rmjob"> |
<strong>SECURITY FIX</strong> |
<strong>003: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
lprm and lpd. The problem is exploitable by users on a particular |
lprm and lpd. The problem is exploitable by users on a particular |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
|
|
<li id="uucpd"> |
<li id="uucpd"> |
<strong>SECURITY FIX</strong> |
<strong>004: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
is not enabled in the OpenBSD releases, but some sites may have enabled it. |
is not enabled in the OpenBSD releases, but some sites may have enabled it. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
|
|
<li id="named"> |
<li id="named"> |
<strong>SECURITY FIX</strong> |
<strong>005: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A vulnerability exists when (and only when) /etc/named.conf has the |
A vulnerability exists when (and only when) /etc/named.conf has the |
<b>fake-iquery</b> option enabled. |
<b>fake-iquery</b> option enabled. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
|
|
<li id="ping"> |
<li id="ping"> |
<strong>SECURITY FIX</strong> |
<strong>006: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A vulnerability exists in ping(8); if the -R option is used to record |
A vulnerability exists in ping(8); if the -R option is used to record |
routes, an attacker can spoof a reply packet that will overflow inside |
routes, an attacker can spoof a reply packet that will overflow inside |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/ping.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
|
|
<li id="sourceroute"> |
<li id="sourceroute"> |
<strong>SECURITY FIX</strong> <i>All architectures</i><br> |
<strong>007: SECURITY FIX</strong> <i>All architectures</i><br> |
If the sysctl variable <b>net.inet.ip.forwarding</b> is |
If the sysctl variable <b>net.inet.ip.forwarding</b> is |
enabled (value 1), but the variable <b>net.inet.ip.sourceroute</b> |
enabled (value 1), but the variable <b>net.inet.ip.sourceroute</b> |
is disabled (value 0), the kernel will block source routed packets from |
is disabled (value 0), the kernel will block source routed packets from |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch"> |
A kernel patch is provided</a>. |
A kernel patch is provided</a>. |
<p> |
<p> |
|
|
<li id="ruserok"> |
<li id="ruserok"> |
<strong>SECURITY FIX</strong> |
<strong>008: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A combination localhost+remote host security problem exists if a |
A combination localhost+remote host security problem exists if a |
local user running a setuid binary causes a non-existent root .rhosts |
local user running a setuid binary causes a non-existent root .rhosts |
|
|
The problem with the ruserok() function appears to also exist in |
The problem with the ruserok() function appears to also exist in |
ssh 1.2.21 and previous (the ssh people have been alerted). |
ssh 1.2.21 and previous (the ssh people have been alerted). |
<p> |
<p> |
|
|
<li id="mmap"> |
<li id="mmap"> |
<strong>SECURITY FIX</strong> <i>All architectures</i><br> |
<strong>009: SECURITY FIX</strong> <i>All architectures</i><br> |
A bug in the vm system permits a file descriptor opened read-only on a |
A bug in the vm system permits a file descriptor opened read-only on a |
device, to later on be mmap(2)'d read-write, and then modified. This |
device, to later on be mmap(2)'d read-write, and then modified. This |
does not result in a security hole by itself, but it does violate the |
does not result in a security hole by itself, but it does violate the |
|
|
A kernel patch is available which corrects this behaviour (this is |
A kernel patch is available which corrects this behaviour (this is |
revision 3 of this patch)</a>. |
revision 3 of this patch)</a>. |
<p> |
<p> |
<li><strong>BUILD PROCESS FIX</strong> |
<li><strong>010: BUILD PROCESS FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Building an object tree from a read-only source tree (such as off a CDROM) |
Building an object tree from a read-only source tree (such as off a CDROM) |
may fail under certain circumstances (e.g. when creating a symlink on sparc |
may fail under certain circumstances (e.g. when creating a symlink on sparc |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c"> |
A replacement source file exists</a>. |
A replacement source file exists</a>. |
<p> |
<p> |
|
|
<li id="mountd"> |
<li id="mountd"> |
<strong>SECURITY FIX</strong> |
<strong>011: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If a line in /etc/exports which contains hostnames results in an empty |
If a line in /etc/exports which contains hostnames results in an empty |
list because none of the supplied hostnames is known, mountd(8) will |
list because none of the supplied hostnames is known, mountd(8) will |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/mountd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/mountd.patch"> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<li><strong>RELIABILITY FIX</strong> |
<li><strong>012: RELIABILITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Setting the MSG_EOR flag on a tcp packet in the send(2) family of |
Setting the MSG_EOR flag on a tcp packet in the send(2) family of |
system calls could cause a kernel panic. |
system calls could cause a kernel panic. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch"> |
A patch</a> to return EINVAL in this case is available. |
A patch</a> to return EINVAL in this case is available. |
<p> |
<p> |
|
|
<li id="f00f"> |
<li id="f00f"> |
<strong>RELIABILITY FIX</strong><br> |
<strong>013: RELIABILITY FIX</strong><br> |
The Intel P5 F00F bug was discovered after the CDRs had already been |
The Intel P5 F00F bug was discovered after the CDRs had already been |
sent to the manufacturer. This problem permits any user who has an account |
sent to the manufacturer. This problem permits any user who has an account |
to lock your machine up using a 4-line program. The problem only affects |
to lock your machine up using a 4-line program. The problem only affects |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/f00f.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/f00f.patch"> |
A kernel source-code patch is available</a>. |
A kernel source-code patch is available</a>. |
<p> |
<p> |
<li><strong>FUNCTIONALITY FIX</strong><br> |
<li><strong>014: FUNCTIONALITY FIX</strong><br> |
Some Linux binaries will execute in SVR4 emulation mode, which is |
Some Linux binaries will execute in SVR4 emulation mode, which is |
definitely a problem for people who need Linux emulation to work correctly. |
definitely a problem for people who need Linux emulation to work correctly. |
To solve this mis-identification problem, |
To solve this mis-identification problem, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/compat_linux.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/compat_linux.patch"> |
a patch file is provided</a>. |
a patch file is provided</a>. |
<p> |
<p> |
<li><strong>RELIABILITY FIX</strong><br> |
<li><strong>015: RELIABILITY FIX</strong><br> |
APM can crash on machines without it. |
APM can crash on machines without it. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/apm.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/apm.patch"> |
A kernel source-code patch is available</a>. |
A kernel source-code patch is available</a>. |
<p> |
<p> |
<li><strong>INSTALLATION PROCESS FLAW</strong><br> |
<li><strong>016: INSTALLATION PROCESS FLAW</strong><br> |
A few people are running into this problem, particularly if they had some |
A few people are running into this problem, particularly if they had some |
other *BSD operating system on their machine before trying OpenBSD: if after |
other *BSD operating system on their machine before trying OpenBSD: if after |
installation onto an IDE-based machine, the kernel fails to mount the root |
installation onto an IDE-based machine, the kernel fails to mount the root |
|
|
To repair this, use the floppy to run "disklabel -E wd0", then using the |
To repair this, use the floppy to run "disklabel -E wd0", then using the |
"edit" command ensure the type field is set to "ST506". |
"edit" command ensure the type field is set to "ST506". |
<p> |
<p> |
<li><strong>NEW SOFTWARE</strong><br> |
<li><strong>017: NEW SOFTWARE</strong><br> |
Unfortunately, X11 binaries for the mac68k did not manage to make it onto the |
Unfortunately, X11 binaries for the mac68k did not manage to make it onto the |
CDROM. However, X11 for the mac68k is immediately available from |
CDROM. However, X11 for the mac68k is immediately available from |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz"> |
|
|
be sure to read the <a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/README.X11">README file</a> also in that directory for instructions on installing |
be sure to read the <a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/README.X11">README file</a> also in that directory for instructions on installing |
and setting up X. |
and setting up X. |
<p> |
<p> |
<li><strong>INSTALLATION PROCESS FLAW</strong><br> |
<li><strong>018: INSTALLATION PROCESS FLAW</strong><br> |
As shipped on the CDROM, both the |
As shipped on the CDROM, both the |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/bsd-generic.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/bsd-generic.tar.gz"> |
generic kernel</a> |
generic kernel</a> |
|
|
mini-shell to "cpin" the kernel. Alternately, you could install the kernel |
mini-shell to "cpin" the kernel. Alternately, you could install the kernel |
with the Installer and use the mini-shell to move the binary from <code>/usr/src/...</code> to <code>/bsd</code>. |
with the Installer and use the mini-shell to move the binary from <code>/usr/src/...</code> to <code>/bsd</code>. |
<p> |
<p> |
<li><strong>RELIABILITY FIX</strong><br> |
<li><strong>019: RELIABILITY FIX</strong><br> |
Older 4/xxx systems (particularly the 4/300's) cannot boot |
Older 4/xxx systems (particularly the 4/300's) cannot boot |
with the 2.2 kernel due to bugs in the scsi device driver. |
with the 2.2 kernel due to bugs in the scsi device driver. |
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/esp.patch"> |
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/esp.patch"> |
|
|
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3">bsd.scsi3</a>, |
and a replacement for bsd.rd is coming soon. |
and a replacement for bsd.rd is coming soon. |
<p> |
<p> |
|
|
<li id="sparciommu"> |
<li id="sparciommu"> |
<strong>RELIABILITY FIX</strong><br> |
<strong>020: RELIABILITY FIX</strong><br> |
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when |
using a custom kernel configured for option sun4m only. |
using a custom kernel configured for option sun4m only. |
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/sun4m.patch"> |
<a href="https://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/sun4m.patch"> |
A workaround (kernel source patch) is available</a>. Apply the patch and |
A workaround (kernel source patch) is available</a>. Apply the patch and |
then re-build your kernel. |
then re-build your kernel. |
<p> |
<p> |
<li><strong>FUNCTIONALITY FIX</strong><br> |
<li><strong>021: FUNCTIONALITY FIX</strong><br> |
Missing Xamiga manual pages. Get |
Missing Xamiga manual pages. Get |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/amiga/Xamiga-manual.tgz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/amiga/Xamiga-manual.tgz"> |
this package</a> and execute, <i>as root</i>:<br> |
this package</a> and execute, <i>as root</i>:<br> |
<b><b># </b>pkg_add Xamiga-manual.tgz</b><br> |
<b><b># </b>pkg_add Xamiga-manual.tgz</b><br> |
The MD5 checksum of this package is:<br> |
The MD5 checksum of this package is:<br> |
<b>MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031</b><p> |
<b>MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031</b> |
<li><strong>FUNCTIONALITY FIX</strong><br> |
<p> |
|
<li><strong>022: FUNCTIONALITY FIX</strong><br> |
The Ariadne ethernet support was broken, there will be both binary and |
The Ariadne ethernet support was broken, there will be both binary and |
source level fixes available shortly. If you are in a hurry mail |
source level fixes available shortly. If you are in a hurry mail |
<a href="mailto:niklas@openbsd.org">Niklas</a> for a test kernel.<p> |
<a href="mailto:niklas@openbsd.org">Niklas</a> for a test kernel.<p> |
<p> |
<p> |
<li><strong>FUNCTIONALITY FIX</strong><br> |
<li><strong>023: FUNCTIONALITY FIX</strong><br> |
There is a Year-1998 problem in the time-setting code (which causes the |
There is a Year-1998 problem in the time-setting code (which causes the |
date and time to be set incorrectly after a reboot in 1998). |
date and time to be set incorrectly after a reboot in 1998). |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/clock.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/clock.patch"> |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd">bsd</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd">bsd</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd.rz0">bsd.rz0</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd.rz0">bsd.rz0</a>. |
<p> |
<p> |
<li><strong>FUNCTIONALITY FIX</strong><br> |
<li><strong>024: FUNCTIONALITY FIX</strong><br> |
X11 support for the 3min and 3maxplus machines was broken |
X11 support for the 3min and 3maxplus machines was broken |
due to a kernel bug. |
due to a kernel bug. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch"> |
A source code patch is available</a>. |
A source code patch is available</a>. |
<p> |
<p> |
|
|
<li id="ldso"> |
<li id="ldso"> |
<strong>SECURITY FIX</strong><br> |
<strong>025: SECURITY FIX</strong><br> |
A security problem in the shared library linker <b>ld.so</b> |
A security problem in the shared library linker <b>ld.so</b> |
requires that you replace it with a new binary. The following binary |
requires that you replace it with a new binary. The following binary |
will work on both pmax and arc machines. |
will work on both pmax and arc machines. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/ld.so"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/ld.so"> |
The replacement binary is here</a>. |
The replacement binary is here</a>. |
<p> |
<p> |
<li><strong>SECURITY FIX</strong><br> |
<li><strong>026: SECURITY FIX</strong><br> |
A security problem in the shared library linker <b>ld.so</b> requires |
A security problem in the shared library linker <b>ld.so</b> requires |
that you replace it with a new binary. The following binary |
that you replace it with a new binary. The following binary |
will work on both pmax and arc machines. |
will work on both pmax and arc machines. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/ld.so"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/ld.so"> |
The replacement binary is here</a>. |
The replacement binary is here</a>. |
<p> |
<p> |
<li><strong>MISSING FUNCTIONALITY</strong><br> |
<li><strong>027: MISSING FUNCTIONALITY</strong><br> |
Network Address Translation and other parts of IP Filtering do not work |
Network Address Translation and other parts of IP Filtering do not work |
on the alpha. This will be fixed in the 2.3 release, and perhaps earlier |
on the alpha. This will be fixed in the 2.3 release, and perhaps earlier |
in a snapshot. There is no patch for 2.2. |
in a snapshot. There is no patch for 2.2. |