===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata23.html,v
retrieving revision 1.30
retrieving revision 1.31
diff -c -r1.30 -r1.31
*** www/errata23.html 2003/10/24 22:12:40 1.30
--- www/errata23.html 2003/11/21 16:55:15 1.31
***************
*** 8,13 ****
--- 8,14 ----
+
***************
*** 48,107 ****
!
!
!
All architectures
!
! - SECURITY FIX
A remotely exploitable problem exists in bootpd(8). bootpd is disabled
by default, but some people may actually be using it.
A source code patch exists which remedies this problem, this is the
second version of the patch.
!
!
- SECURITY FIX
A remote machine lockup problem exists in the TCP decoding code.
A source code patch exists which remedies this problem.
!
!
- HARDWARE SUPPORT
Some ATAPI cdroms which do not support the full mandatory command set,
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
A patch is
available here.
!
!
- SECURITY FIX
Chpass(1) has a file descriptor leak which allows an
attacker to modify /etc/master.passwd.
A source code patch exists which remedies this problem.
!
!
- RELIABILITY FIX
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
kernel panic. This is the third revision of this patch.
A source code patch exists which remedies this problem.
!
!
- SECURITY FIX
Inetd had a file descriptor leak. A patch is
available here.
!
!
- BUG FIX
As shipped, unionfs had some serious problems.
A patch is available to solve this.
!
!
- SECURITY FIX
Some non-allocated file descriptors have implied uses according to
system libraries, and hence setuid and setgid processes should not
be executed with these descriptors unallocated. A patch which forces
--- 49,107 ----
!
! All architectures
! -
! SECURITY FIX
A remotely exploitable problem exists in bootpd(8). bootpd is disabled
by default, but some people may actually be using it.
A source code patch exists which remedies this problem, this is the
second version of the patch.
!
-
! SECURITY FIX
A remote machine lockup problem exists in the TCP decoding code.
A source code patch exists which remedies this problem.
!
-
! HARDWARE SUPPORT
Some ATAPI cdroms which do not support the full mandatory command set,
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
A patch is
available here.
!
-
! SECURITY FIX
Chpass(1) has a file descriptor leak which allows an
attacker to modify /etc/master.passwd.
A source code patch exists which remedies this problem.
!
-
! RELIABILITY FIX
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
kernel panic. This is the third revision of this patch.
A source code patch exists which remedies this problem.
!
-
! SECURITY FIX
Inetd had a file descriptor leak. A patch is
available here.
!
-
! BUG FIX
As shipped, unionfs had some serious problems.
A patch is available to solve this.
!
-
! SECURITY FIX
Some non-allocated file descriptors have implied uses according to
system libraries, and hence setuid and setgid processes should not
be executed with these descriptors unallocated. A patch which forces
***************
*** 110,125 ****
available here.
!
!
- SECURITY FIX
A benign looking buffer overflow in the resolver routines was re-introduced
accidentally. The previously fixed behaviour is more correct. A patch
to fix this is
available here.
!
!
- SECURITY FIX
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
libraries. These affect xterm and all other setuid-root programs that
use these libraries. The problems are associated with buffer overflows
--- 110,125 ----
available here.
!
-
! SECURITY FIX
A benign looking buffer overflow in the resolver routines was re-introduced
accidentally. The previously fixed behaviour is more correct. A patch
to fix this is
available here.
!
-
! SECURITY FIX
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
libraries. These affect xterm and all other setuid-root programs that
use these libraries. The problems are associated with buffer overflows
***************
*** 133,140 ****
The 2nd source patch for these problems, specifically adapted to the
OpenBSD 2.3 X11 tree, is available now.
!
!
- SECURITY FIX
The kill(2) system call previously would permit a large set of signals to
be delivered to setuid or setgid processes. If such processes were using
those signals in dubious ways, this could have resulted in security
--- 133,140 ----
The 2nd source patch for these problems, specifically adapted to the
OpenBSD 2.3 X11 tree, is available now.
!
-
! SECURITY FIX
The kill(2) system call previously would permit a large set of signals to
be delivered to setuid or setgid processes. If such processes were using
those signals in dubious ways, this could have resulted in security
***************
*** 143,150 ****
The fourth revision of a source code patch which solves the problem is
available.
!
!
- SECURITY FIX
A possible new security problem exists if you rely on securelevels and
immutable or append-only files or character devices. The fix does not
permit mmap'ing of immutable or append-only files which are otherwise
--- 143,150 ----
The fourth revision of a source code patch which solves the problem is
available.
!
-
! SECURITY FIX
A possible new security problem exists if you rely on securelevels and
immutable or append-only files or character devices. The fix does not
permit mmap'ing of immutable or append-only files which are otherwise
***************
*** 153,167 ****
A source code patch exists which remedies this problem.
!
!
- SECURITY FIX
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
A source code patch exists which remedies this problem.
!
- SECURITY FIX
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in xterm related to the input-Method,
--- 153,167 ----
A source code patch exists which remedies this problem.
!
-
! SECURITY FIX
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
A source code patch exists which remedies this problem.
!
- SECURITY FIX
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in xterm related to the input-Method,
***************
*** 192,202 ****
arc.
!
! i386
!
! - RELIABILITY FIX
The pctr(4) driver has bugs that permit any user to crash the machine,
if the CPU is not an Intel CPU. This problem has been properly fixed
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid
--- 192,202 ----
arc.
!
! i386
! -
! RELIABILITY FIX
The pctr(4) driver has bugs that permit any user to crash the machine,
if the CPU is not an Intel CPU. This problem has been properly fixed
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid
***************
*** 215,221 ****
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
!
- RELIABILITY FIX
The pcvt(4) console driver has a bug that can cause some keyboard
controllers to lock up when a key is pressed that toggles the status
--- 215,221 ----
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
!
RELIABILITY FIX
The pcvt(4) console driver has a bug that can cause some keyboard
controllers to lock up when a key is pressed that toggles the status
***************
*** 226,239 ****
A source code patch exists which remedies this problem.
!
!
mac68k
- No problems identified yet.
!
! sparc
- RELIABILITY FIX
The 2.3 release does not run reliably on the sun4m LX/LC machines
--- 226,239 ----
A source code patch exists which remedies this problem.
!
! mac68k
- No problems identified yet.
!
! sparc
- RELIABILITY FIX
The 2.3 release does not run reliably on the sun4m LX/LC machines
***************
*** 247,254 ****
also available.
!
! amiga
- MINOR INCOMPATIBILITY
The AmigaOS patch
--- 247,254 ----
also available.
!
! amiga
- MINOR INCOMPATIBILITY
The AmigaOS patch
***************
*** 263,270 ****
PoolMem-aware.
!
! pmax
- RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the
--- 263,270 ----
PoolMem-aware.
!
! pmax
!
! arc
!
! arc
- RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the
***************
*** 317,339 ****
The XFree86 binary set was linked with an older version of the C
library. To work around the problem, do the following as root.
!
! cd /usr/lib/
!
! ln -s libc.so.18.0 libc.so.17
!
!
! alpha
- RELEASE WARNING
When you start the install an upgrade option is advertised but
there really is no such option.
!
! hp300
!
! alpha
- RELEASE WARNING
When you start the install an upgrade option is advertised but
there really is no such option.
!
! hp300
- RELEASE WARNING
When you start the install an upgrade option is advertised but
***************
*** 344,357 ****
A fix will be made available when 2.3 is out.
!
! mvme68k
- No problems identified yet.
!
! powerpc
- SECURITY FIX
The powerpc release shipped on the OpenBSD 2.3 CD does not contain
--- 341,354 ----
A fix will be made available when 2.3 is out.
!
! mvme68k
- No problems identified yet.
!
! powerpc
- SECURITY FIX
The powerpc release shipped on the OpenBSD 2.3 CD does not contain
***************
*** 362,368 ****
-
--- 359,364 ----
***************
*** 387,393 ****
www@openbsd.org
!
$OpenBSD: errata23.html,v 1.30 2003/10/24 22:12:40 david Exp $