| version 1.61, 2014/03/31 03:12:47 |
version 1.62, 2014/03/31 03:36:54 |
|
|
| |
|
| <hr> |
<hr> |
| |
|
| <a name="all"></a> |
|
| <h3><font color="#e00000">All architectures</font></h3> |
|
| <ul> |
<ul> |
| <li><a name="bootpd"></a> |
<li><a name="bootpd"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
| by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
|
|
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
| <li><a name="tcpfix"></a> |
<li><a name="tcpfix"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><a name="atapi"></a> |
<li><a name="atapi"></a> |
| <font color="#009000"><strong>HARDWARE SUPPORT</strong></font><br> |
<font color="#009000"><strong>HARDWARE SUPPORT</strong></font> <i>All architectures</i><br> |
| Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
| (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
| A patch is |
A patch is |
|
|
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li><a name="chpass"></a> |
<li><a name="chpass"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
| attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><a name="resid"></a> |
<li><a name="resid"></a> |
| <font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font> <i>All architectures</i><br> |
| Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
| kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><a name="inetd"></a> |
<li><a name="inetd"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li><a name="unionfs"></a> |
<li><a name="unionfs"></a> |
| <font color="#009000"><strong>BUG FIX</strong></font><br> |
<font color="#009000"><strong>BUG FIX</strong></font> <i>All architectures</i><br> |
| As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
| A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
| <p> |
<p> |
| <li><a name="fdalloc"></a> |
<li><a name="fdalloc"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| Some non-allocated file descriptors have implied uses according to |
Some non-allocated file descriptors have implied uses according to |
| system libraries, and hence setuid and setgid processes should not |
system libraries, and hence setuid and setgid processes should not |
| be executed with these descriptors unallocated. A patch which forces |
be executed with these descriptors unallocated. A patch which forces |
|
|
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li><a name="resolver"></a> |
<li><a name="resolver"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
| accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
| to fix this is |
to fix this is |
|
|
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li><a name="xlib"></a> |
<li><a name="xlib"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
| libraries. These affect xterm and all other setuid-root programs that |
libraries. These affect xterm and all other setuid-root programs that |
| use these libraries. The problems are associated with buffer overflows |
use these libraries. The problems are associated with buffer overflows |
|
|
| OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
| <p> |
<p> |
| <li><a name="kill"></a> |
<li><a name="kill"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| The kill(2) system call previously would permit a large set of signals to |
The kill(2) system call previously would permit a large set of signals to |
| be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
| those signals in dubious ways, this could have resulted in security |
those signals in dubious ways, this could have resulted in security |
|
|
| available.</a> |
available.</a> |
| <p> |
<p> |
| <li><a name="immutable"></a> |
<li><a name="immutable"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| A possible new security problem exists if you rely on securelevels and |
A possible new security problem exists if you rely on securelevels and |
| immutable or append-only files or character devices. The fix does not |
immutable or append-only files or character devices. The fix does not |
| permit mmap'ing of immutable or append-only files which are otherwise |
permit mmap'ing of immutable or append-only files which are otherwise |
|
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><a name="ipsec"></a> |
<li><a name="ipsec"></a> |
| <font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
| disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
| an attacker uses some classes of invalid packets. |
an attacker uses some classes of invalid packets. |
|
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <a name="xterm-xaw"></a> |
<a name="xterm-xaw"></a> |
| <li><font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<li><font color="#009000"><strong>SECURITY FIX</strong></font> <i>All architectures</i><br> |
| As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
| overrun problems in <strong>xterm</strong> related to the input-Method, |
overrun problems in <strong>xterm</strong> related to the input-Method, |
| preeditType, and *Keymap resources. Additional buffer overruns exist in |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata23.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www