version 1.61, 2014/03/31 03:12:47 |
version 1.62, 2014/03/31 03:36:54 |
|
|
|
|
<hr> |
<hr> |
|
|
<a name="all"></a> |
|
<h3><font color="#e00000">All architectures</font></h3> |
|
<ul> |
<ul> |
<li><a name="bootpd"></a> |
<li><a name="bootpd"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
|
|
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
<li><a name="tcpfix"></a> |
<li><a name="tcpfix"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="atapi"></a> |
<li><a name="atapi"></a> |
<font color="#009000"><strong>HARDWARE SUPPORT</strong></font><br> |
<font color="#009000"><strong>HARDWARE SUPPORT</strong></font> <i>All architectures</i><br> |
Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
A patch is |
A patch is |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="chpass"></a> |
<li><a name="chpass"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="resid"></a> |
<li><a name="resid"></a> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font> <i>All architectures</i><br> |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="inetd"></a> |
<li><a name="inetd"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="unionfs"></a> |
<li><a name="unionfs"></a> |
<font color="#009000"><strong>BUG FIX</strong></font><br> |
<font color="#009000"><strong>BUG FIX</strong></font> <i>All architectures</i><br> |
As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
<p> |
<p> |
<li><a name="fdalloc"></a> |
<li><a name="fdalloc"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
Some non-allocated file descriptors have implied uses according to |
Some non-allocated file descriptors have implied uses according to |
system libraries, and hence setuid and setgid processes should not |
system libraries, and hence setuid and setgid processes should not |
be executed with these descriptors unallocated. A patch which forces |
be executed with these descriptors unallocated. A patch which forces |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="resolver"></a> |
<li><a name="resolver"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
to fix this is |
to fix this is |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="xlib"></a> |
<li><a name="xlib"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
libraries. These affect xterm and all other setuid-root programs that |
libraries. These affect xterm and all other setuid-root programs that |
use these libraries. The problems are associated with buffer overflows |
use these libraries. The problems are associated with buffer overflows |
|
|
OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
<p> |
<p> |
<li><a name="kill"></a> |
<li><a name="kill"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
The kill(2) system call previously would permit a large set of signals to |
The kill(2) system call previously would permit a large set of signals to |
be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
those signals in dubious ways, this could have resulted in security |
those signals in dubious ways, this could have resulted in security |
|
|
available.</a> |
available.</a> |
<p> |
<p> |
<li><a name="immutable"></a> |
<li><a name="immutable"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
A possible new security problem exists if you rely on securelevels and |
A possible new security problem exists if you rely on securelevels and |
immutable or append-only files or character devices. The fix does not |
immutable or append-only files or character devices. The fix does not |
permit mmap'ing of immutable or append-only files which are otherwise |
permit mmap'ing of immutable or append-only files which are otherwise |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="ipsec"></a> |
<li><a name="ipsec"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
an attacker uses some classes of invalid packets. |
an attacker uses some classes of invalid packets. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<a name="xterm-xaw"></a> |
<a name="xterm-xaw"></a> |
<li><font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<li><font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
overrun problems in <strong>xterm</strong> related to the input-Method, |
overrun problems in <strong>xterm</strong> related to the input-Method, |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
preeditType, and *Keymap resources. Additional buffer overruns exist in |