===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata23.html,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- www/errata23.html 2016/08/15 02:22:06 1.77
+++ www/errata23.html 2016/10/16 19:11:29 1.78
@@ -70,7 +70,7 @@
-
+
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
@@ -91,7 +91,7 @@
All architectures
A remotely exploitable problem exists in bootpd(8). bootpd is disabled
by default, but some people may actually be using it.
-
+
A source code patch exists which remedies this problem.
This is the second version of the patch.
@@ -99,7 +99,7 @@
SECURITY FIX
All architectures
A remote machine lockup problem exists in the TCP decoding code.
-
+
A source code patch exists which remedies this problem.
@@ -108,7 +108,7 @@
Some ATAPI cdroms which do not support the full mandatory command set,
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
A patch is
-
+
available here.
@@ -116,7 +116,7 @@
All architectures
Chpass(1) has a file descriptor leak which allows an
attacker to modify /etc/master.passwd.
-
+
A source code patch exists which remedies this problem.
@@ -124,21 +124,21 @@
All architectures
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
kernel panic. This is the third revision of this patch.
-
+
A source code patch exists which remedies this problem.
SECURITY FIX
All architectures
Inetd had a file descriptor leak. A patch is
-
+
available here.
BUG FIX
All architectures
As shipped, unionfs had some serious problems.
-
+
A patch is available to solve this.
@@ -149,7 +149,7 @@
be executed with these descriptors unallocated. A patch which forces
setuid and setgid processes to have some descriptors in fd slots
0, 1, and 2 is
-
+
available here.
@@ -158,7 +158,7 @@
A benign looking buffer overflow in the resolver routines was re-introduced
accidentally. The previously fixed behaviour is more correct. A patch
to fix this is
-
+
available here.
@@ -173,7 +173,7 @@
distributed with OpenBSD are vulnerable to some or all of these
problems.
These problems are fixed in XFree86 patch 2.
-
+
The 2nd source patch for these problems, specifically adapted to the
OpenBSD 2.3 X11 tree, is available now.
@@ -184,7 +184,7 @@
be delivered to setuid or setgid processes. If such processes were using
those signals in dubious ways, this could have resulted in security
problems of various kinds.
-
+
The fourth revision of a source code patch which solves the problem is
available.
@@ -196,7 +196,7 @@
permit mmap'ing of immutable or append-only files which are otherwise
writable, as the VM system will bypass the meaning of the file flags
when writes happen to the file.
-
+
A source code patch exists which remedies this problem.
@@ -205,7 +205,7 @@
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
-
+
A source code patch exists which remedies this problem.
@@ -221,23 +221,23 @@
a security vulnerability for any setuid-root program that uses the Xaw
library (including xterm). Patch1 from XFree86 3.3.2 corrects
these problems.
-
+
We provide a version of this patch file specifically for the OpenBSD 2.3 tree.
We also provide tar files which replace the xterm(1) binary and the libXaw
libraries on your system. These are expected to be extracted in
/usr/X11R6 using the command
"tar xvfpz Xawfix.tgz".
The files are...
-i386,
-alpha,
-mac68k,
-
+i386,
+alpha,
+mac68k,
+
mvme68k,
-hp300,
-sparc,
-pmax,
+hp300,
+sparc,
+pmax,
and
-arc.
+arc.
RELIABILITY FIX
@@ -249,8 +249,8 @@
CORRUPTED FILE
The CD version of the precompiled ghostscript package is corrupted and
not installable. The correct file can be retrieved by FTP from:
-
-http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz.
+
+https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz.
Its checksums (obtained with cksum(1), md5(1) and
sha1(1) respectively) are: