=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata22.html,v retrieving revision 1.58 retrieving revision 1.59 diff -c -r1.58 -r1.59 *** www/errata22.html 2010/03/08 21:53:37 1.58 --- www/errata22.html 2010/07/08 19:00:07 1.59 *************** *** 52,58 ****
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 52,58 ----
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 70,76 **** If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. ! A source code patch exists which remedies this problem.

  • --- 70,76 ---- If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. ! A source code patch exists which remedies this problem.

  • *************** *** 85,91 **** a security vulnerability for any setuid-root program that uses the Xaw library (including xterm). Patch1 from XFree86 3.3.2 corrects these problems. ! We provide a version of this patch file specifically for the OpenBSD 2.2 tree.

  • --- 85,91 ---- a security vulnerability for any setuid-root program that uses the Xaw library (including xterm). Patch1 from XFree86 3.3.2 corrects these problems. ! We provide a version of this patch file specifically for the OpenBSD 2.2 tree.

  • *************** *** 94,114 **** lprm and lpd. The problem is exploitable by users on a particular machine if there is an entry in /etc/printcap which points at a remote printer. ! A patch is available which corrects this behaviour.

  • SECURITY FIX
    A DNS-based vulnerability exists when uucpd is used. By default uucpd is not enabled in the OpenBSD releases, but some sites may have enabled it. ! A patch is available which corrects this behaviour.

  • SECURITY FIX
    A vulnerability exists when (and only when) /etc/named.conf has the fake-iquery option enabled. ! A patch is available which corrects this behaviour.

  • --- 94,114 ---- lprm and lpd. The problem is exploitable by users on a particular machine if there is an entry in /etc/printcap which points at a remote printer. ! A patch is available which corrects this behaviour.

  • SECURITY FIX
    A DNS-based vulnerability exists when uucpd is used. By default uucpd is not enabled in the OpenBSD releases, but some sites may have enabled it. ! A patch is available which corrects this behaviour.

  • SECURITY FIX
    A vulnerability exists when (and only when) /etc/named.conf has the fake-iquery option enabled. ! A patch is available which corrects this behaviour.

  • *************** *** 117,123 **** routes, an attacker can spoof a reply packet that will overflow inside ping. Preliminary investigation makes it look the worst attack possible is to make ping crash, but one never knows... ! A patch is available which corrects this behaviour.

  • --- 117,123 ---- routes, an attacker can spoof a reply packet that will overflow inside ping. Preliminary investigation makes it look the worst attack possible is to make ping crash, but one never knows... ! A patch is available which corrects this behaviour.

  • *************** *** 129,135 **** itself. Our fix changes the net.inet.ip.sourceroute variable semantics to mean that all source routed packets should be blocked completely. ! A kernel patch is provided.

  • --- 129,135 ---- itself. Our fix changes the net.inet.ip.sourceroute variable semantics to mean that all source routed packets should be blocked completely. ! A kernel patch is provided.

  • *************** *** 145,155 ****

    --- 145,155 ----

    *************** *** 172,178 **** safety semantics which securelevels are supposed to provide. If a user manages to gain kmem group permissions, using this problem they can then gain root trivially and/or turn securelevels off. ! A kernel patch is available which corrects this behaviour (this is revision 3 of this patch).

    --- 172,178 ---- safety semantics which securelevels are supposed to provide. If a user manages to gain kmem group permissions, using this problem they can then gain root trivially and/or turn securelevels off. ! A kernel patch is available which corrects this behaviour (this is revision 3 of this patch).

    *************** *** 182,188 **** whose target name is exactly 33 characters). As a workaround you have to either provide the source tree read/write, or install a newer version of /usr/bin/readlink. ! A replacement source file exists.

  • --- 182,188 ---- whose target name is exactly 33 characters). As a workaround you have to either provide the source tree read/write, or install a newer version of /usr/bin/readlink. ! A replacement source file exists.

  • *************** *** 190,202 **** If a line in /etc/exports which contains hostnames results in an empty list because none of the supplied hostnames is known, mountd(8) will accidentally export the filesystem to the world. ! A patch is available which corrects this behaviour.

  • RELIABILITY FIX
    Setting the MSG_EOR flag on a tcp packet in the send(2) family of system calls could cause a kernel panic. ! A patch to return EINVAL in this case is available.

    --- 190,202 ---- If a line in /etc/exports which contains hostnames results in an empty list because none of the supplied hostnames is known, mountd(8) will accidentally export the filesystem to the world. ! A patch is available which corrects this behaviour.

  • RELIABILITY FIX
    Setting the MSG_EOR flag on a tcp packet in the send(2) family of system calls could cause a kernel panic. ! A patch to return EINVAL in this case is available.

    *************** *** 210,228 **** to lock your machine up using a 4-line program. The problem only affects Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, nor are processors by other manufacturers). ! A kernel source-code patch is available.

  • FUNCTIONALITY FIX
    Some Linux binaries will execute in SVR4 emulation mode, which is definitely a problem for people who need Linux emulation to work correctly. To solve this mis-identification problem, ! a patch file is provided.

  • RELIABILITY FIX
    APM can crash on machines without it. ! A kernel source-code patch is available.

  • INSTALLATION PROCESS FLAW
    --- 210,228 ---- to lock your machine up using a 4-line program. The problem only affects Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, nor are processors by other manufacturers). ! A kernel source-code patch is available.

  • FUNCTIONALITY FIX
    Some Linux binaries will execute in SVR4 emulation mode, which is definitely a problem for people who need Linux emulation to work correctly. To solve this mis-identification problem, ! a patch file is provided.

  • RELIABILITY FIX
    APM can crash on machines without it. ! A kernel source-code patch is available.

  • INSTALLATION PROCESS FLAW
    *************** *** 242,266 ****
  • NEW SOFTWARE
    Unfortunately, X11 binaries for the mac68k did not manage to make it onto the CDROM. However, X11 for the mac68k is immediately available from ! ! ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please ! be sure to read the README file also in that directory for instructions on installing and setting up X.

  • INSTALLATION PROCESS FLAW
    As shipped on the CDROM, both the ! generic kernel and the ! genericsbc kernel extract themselves into the wrong place in the filesystem. Both should extract a kernel named /bsd, but they extract the kernel into /usr/src/sys/arch/mac68k/compile instead.

    This has been fixed on the ftp release of OpenBSD 2.2, and ! fresh kernels are available from ! ftp://ftp.OpenBSD.ORG/pub/OpenBSD/2.2/mac68k/. If at all possible, installing these kernels is recommended.

    A number of possible workarounds exist if you don't have easy access to ftp --- 242,266 ----

  • NEW SOFTWARE
    Unfortunately, X11 binaries for the mac68k did not manage to make it onto the CDROM. However, X11 for the mac68k is immediately available from ! ! http://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please ! be sure to read the README file also in that directory for instructions on installing and setting up X.

  • INSTALLATION PROCESS FLAW
    As shipped on the CDROM, both the ! generic kernel and the ! genericsbc kernel extract themselves into the wrong place in the filesystem. Both should extract a kernel named /bsd, but they extract the kernel into /usr/src/sys/arch/mac68k/compile instead.

    This has been fixed on the ftp release of OpenBSD 2.2, and ! fresh kernels are available from ! http://ftp.OpenBSD.ORG/pub/OpenBSD/2.2/mac68k/. If at all possible, installing these kernels is recommended.

    A number of possible workarounds exist if you don't have easy access to ftp *************** *** 276,293 ****

  • RELIABILITY FIX
    Older 4/xxx systems (particularly the 4/300's) cannot boot with the 2.2 kernel due to bugs in the scsi device driver. ! A kernel source patch is available. Replacement kernels are available for: ! bsd, ! bsd.scsi3, and a replacement for bsd.rd is coming soon.

  • RELIABILITY FIX
    SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when using a custom kernel configured for option sun4m only. ! A workaround (kernel source patch) is available. Apply the patch and then re-build your kernel.

    --- 276,293 ----

  • RELIABILITY FIX
    Older 4/xxx systems (particularly the 4/300's) cannot boot with the 2.2 kernel due to bugs in the scsi device driver. ! A kernel source patch is available. Replacement kernels are available for: ! bsd, ! bsd.scsi3, and a replacement for bsd.rd is coming soon.

  • RELIABILITY FIX
    SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when using a custom kernel configured for option sun4m only. ! A workaround (kernel source patch) is available. Apply the patch and then re-build your kernel.

    *************** *** 297,303 ****

    *************** *** 342,348 **** A security problem in the shared library linker ld.so requires that you replace it with a new binary. The following binary will work on both pmax and arc machines. ! The replacement binary is here.

    --- 342,348 ---- A security problem in the shared library linker ld.so requires that you replace it with a new binary. The following binary will work on both pmax and arc machines. ! The replacement binary is here.

    *************** *** 405,411 ****

    OpenBSD www@openbsd.org !
    $OpenBSD: errata22.html,v 1.58 2010/03/08 21:53:37 deraadt Exp $ --- 405,411 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: errata22.html,v 1.59 2010/07/08 19:00:07 sthen Exp $