=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata23.html,v retrieving revision 1.30 retrieving revision 1.31 diff -c -r1.30 -r1.31 *** www/errata23.html 2003/10/24 22:12:40 1.30 --- www/errata23.html 2003/11/21 16:55:15 1.31 *************** *** 8,13 **** --- 8,14 ---- + *************** *** 48,107 ****

! !

All architectures

SECURITY FIX
A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. A source code patch exists which remedies this problem, this is the second version of the patch.
! !
SECURITY FIX
A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
! !
HARDWARE SUPPORT
Some ATAPI cdroms which do not support the full mandatory command set, (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. A patch is available here.
! !
SECURITY FIX
Chpass(1) has a file descriptor leak which allows an attacker to modify /etc/master.passwd. A source code patch exists which remedies this problem.
! !
RELIABILITY FIX
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a kernel panic. This is the third revision of this patch. A source code patch exists which remedies this problem.
! !
SECURITY FIX
Inetd had a file descriptor leak. A patch is available here.
! !
BUG FIX
As shipped, unionfs had some serious problems. A patch is available to solve this.
! !
SECURITY FIX
Some non-allocated file descriptors have implied uses according to system libraries, and hence setuid and setgid processes should not be executed with these descriptors unallocated. A patch which forces --- 49,107 ----
! !
All architectures
- ! SECURITY FIX
  A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. A source code patch exists which remedies this problem, this is the second version of the patch.
  !
- ! SECURITY FIX
  A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
  !
- ! HARDWARE SUPPORT
  Some ATAPI cdroms which do not support the full mandatory command set, (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. A patch is available here.
  !
- ! SECURITY FIX
  Chpass(1) has a file descriptor leak which allows an attacker to modify /etc/master.passwd. A source code patch exists which remedies this problem.
  !
- ! RELIABILITY FIX
  Calling readv(2) with iov_len < 0 or > INT_MAX would result in a kernel panic. This is the third revision of this patch. A source code patch exists which remedies this problem.
  !
- ! SECURITY FIX
  Inetd had a file descriptor leak. A patch is available here.
  !
- ! BUG FIX
  As shipped, unionfs had some serious problems. A patch is available to solve this.
  !
- ! SECURITY FIX
  Some non-allocated file descriptors have implied uses according to system libraries, and hence setuid and setgid processes should not be executed with these descriptors unallocated. A patch which forces *************** *** 110,125 **** available here.
  ! !
- SECURITY FIX
  A benign looking buffer overflow in the resolver routines was re-introduced accidentally. The previously fixed behaviour is more correct. A patch to fix this is available here.
  ! !
- SECURITY FIX
  Vulnerabilities have been found in the X11, Xt, Xaw and Xmu libraries. These affect xterm and all other setuid-root programs that use these libraries. The problems are associated with buffer overflows --- 110,125 ---- available here.
  !
- ! SECURITY FIX
  A benign looking buffer overflow in the resolver routines was re-introduced accidentally. The previously fixed behaviour is more correct. A patch to fix this is available here.
  !
- ! SECURITY FIX
  Vulnerabilities have been found in the X11, Xt, Xaw and Xmu libraries. These affect xterm and all other setuid-root programs that use these libraries. The problems are associated with buffer overflows *************** *** 133,140 **** The 2nd source patch for these problems, specifically adapted to the OpenBSD 2.3 X11 tree, is available now.
  ! !
- SECURITY FIX
  The kill(2) system call previously would permit a large set of signals to be delivered to setuid or setgid processes. If such processes were using those signals in dubious ways, this could have resulted in security --- 133,140 ---- The 2nd source patch for these problems, specifically adapted to the OpenBSD 2.3 X11 tree, is available now.
  !
- ! SECURITY FIX
  The kill(2) system call previously would permit a large set of signals to be delivered to setuid or setgid processes. If such processes were using those signals in dubious ways, this could have resulted in security *************** *** 143,150 **** The fourth revision of a source code patch which solves the problem is available.
  ! !
- SECURITY FIX
  A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise --- 143,150 ---- The fourth revision of a source code patch which solves the problem is available.
  !
- ! SECURITY FIX
  A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise *************** *** 153,167 **** A source code patch exists which remedies this problem.
  ! !
- SECURITY FIX
  If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. A source code patch exists which remedies this problem.
  !
- SECURITY FIX
  As stated in CERT advisory VB-98.04, there are buffer overrun problems in xterm related to the input-Method, --- 153,167 ---- A source code patch exists which remedies this problem.
  !
- ! SECURITY FIX
  If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. A source code patch exists which remedies this problem.
  !
- SECURITY FIX
  As stated in CERT advisory VB-98.04, there are buffer overrun problems in xterm related to the input-Method, *************** *** 192,202 **** arc.
! !
i386
- RELIABILITY FIX
  The pctr(4) driver has bugs that permit any user to crash the machine, if the CPU is not an Intel CPU. This problem has been properly fixed since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid --- 192,202 ---- arc.
! !
i386
- ! RELIABILITY FIX
  The pctr(4) driver has bugs that permit any user to crash the machine, if the CPU is not an Intel CPU. This problem has been properly fixed since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid *************** *** 215,221 ****
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
!
RELIABILITY FIX
The pcvt(4) console driver has a bug that can cause some keyboard controllers to lock up when a key is pressed that toggles the status --- 215,221 ----
SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c

RELIABILITY FIX
The pcvt(4) console driver has a bug that can cause some keyboard controllers to lock up when a key is pressed that toggles the status *************** *** 226,239 **** A source code patch exists which remedies this problem.

! !

mac68k

No problems identified yet.

! !

sparc

RELIABILITY FIX
The 2.3 release does not run reliably on the sun4m LX/LC machines --- 226,239 ---- A source code patch exists which remedies this problem.

! !

mac68k

No problems identified yet.

! !

sparc

RELIABILITY FIX
The 2.3 release does not run reliably on the sun4m LX/LC machines *************** *** 247,254 **** also available.

! !

amiga

MINOR INCOMPATIBILITY
The AmigaOS patch --- 247,254 ---- also available.

! !

amiga

MINOR INCOMPATIBILITY
The AmigaOS patch *************** *** 263,270 **** PoolMem-aware.

! !

pmax

RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the --- 263,270 ---- PoolMem-aware.

! !

pmax

RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the *************** *** 276,286 **** The XFree86 binary set was linked with an older version of the C library. To work around the problem, do the following as root.
!
X11 RELEASE ERROR
The X11R5 server used in this port does not understand the default --- 276,285 ---- The XFree86 binary set was linked with an older version of the C library. To work around the problem, do the following as root.
!
```
!     cd /usr/lib/
!     ln -s libc.so.18.0 libc.so.17
! 
```
X11 RELEASE ERROR
The X11R5 server used in this port does not understand the default *************** *** 288,311 **** clients being able to connect to the server. To fix this problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config.
!
INSTALLATION PROCESS FLAW
The pmax install does not correctly install the boot block. To work around the problem, after the install program has finished, do the following (assuming scsi id 0):
!

! !

arc

RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the --- 287,309 ---- clients being able to connect to the server. To fix this problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config.
!
```
!     DisplayManager._0.authName: MIT-MAGIC-COOKIE-1
! 
```
INSTALLATION PROCESS FLAW
The pmax install does not correctly install the boot block. To work around the problem, after the install program has finished, do the following (assuming scsi id 0):
!
```
!     disklabel rz0 > /tmp/label
!     disklabel -R -B rz0 /tmp/label
! 
```

! !

arc

RELEASE WARNING
The XFree86 binary set shipped on the CD and FTP site are not the *************** *** 317,339 **** The XFree86 binary set was linked with an older version of the C library. To work around the problem, do the following as root.
!

! !

alpha

RELEASE WARNING
When you start the install an upgrade option is advertised but there really is no such option.

! !

hp300

RELEASE WARNING
When you start the install an upgrade option is advertised but --- 315,336 ---- The XFree86 binary set was linked with an older version of the C library. To work around the problem, do the following as root.
!
```
!     cd /usr/lib/
!     ln -s libc.so.18.0 libc.so.17
! 
```

! !

alpha

RELEASE WARNING
When you start the install an upgrade option is advertised but there really is no such option.

! !

hp300

RELEASE WARNING
When you start the install an upgrade option is advertised but *************** *** 344,357 **** A fix will be made available when 2.3 is out.

! !

mvme68k

No problems identified yet.

! !

powerpc

SECURITY FIX
The powerpc release shipped on the OpenBSD 2.3 CD does not contain --- 341,354 ---- A fix will be made available when 2.3 is out.

! !

mvme68k

No problems identified yet.

! !

powerpc

SECURITY FIX
The powerpc release shipped on the OpenBSD 2.3 CD does not contain *************** *** 362,368 ****

--- 359,364 ---- *************** *** 387,393 ****

www@openbsd.org !
$OpenBSD: errata23.html,v 1.30 2003/10/24 22:12:40 david Exp $ --- 383,389 ----

www@openbsd.org !
$OpenBSD: errata23.html,v 1.31 2003/11/21 16:55:15 henning Exp $

All architectures

All architectures

i386

i386

mac68k

sparc

mac68k

sparc

amiga

amiga

pmax

pmax

arc

arc

alpha

hp300

alpha

hp300

mvme68k

powerpc

mvme68k

powerpc