version 1.49, 2010/03/08 21:53:37 |
version 1.50, 2010/07/08 19:00:07 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
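Review bot: the new href for the patch bundle on the right-hand side (http://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz) is still a cleartext transport, so moving from ftp:// to http:// changes how the file is reached but gives the reader no way to check that the tarball of security patches arrived unmodified. Consider publishing a checksum next to this link, as the ghostscript entry further down does with cksum(1), md5(1) and sha1(1).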
|
|
|
|
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
A source code patch exists which remedies this problem</a>, this is the |
A source code patch exists which remedies this problem</a>, this is the |
second version of the patch. |
second version of the patch. |
<p> |
<p> |
<li><a name="tcpfix"></a> |
<li><a name="tcpfix"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="atapi"></a> |
<li><a name="atapi"></a> |
|
|
Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
A patch is |
A patch is |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="chpass"></a> |
<li><a name="chpass"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="resid"></a> |
<li><a name="resid"></a> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="inetd"></a> |
<li><a name="inetd"></a> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="unionfs"></a> |
<li><a name="unionfs"></a> |
<font color="#009000"><strong>BUG FIX</strong></font><br> |
<font color="#009000"><strong>BUG FIX</strong></font><br> |
As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
<p> |
<p> |
<li><a name="fdalloc"></a> |
<li><a name="fdalloc"></a> |
|
|
be executed with these descriptors unallocated. A patch which forces |
be executed with these descriptors unallocated. A patch which forces |
setuid and setgid processes to have some descriptors in fd slots |
setuid and setgid processes to have some descriptors in fd slots |
0, 1, and 2 is |
0, 1, and 2 is |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="resolver"></a> |
<li><a name="resolver"></a> |
|
|
A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
to fix this is |
to fix this is |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li><a name="xlib"></a> |
<li><a name="xlib"></a> |
|
|
distributed with OpenBSD are vulnerable to some or all of these |
distributed with OpenBSD are vulnerable to some or all of these |
problems. |
problems. |
These problems are fixed in XFree86 patch 2. |
These problems are fixed in XFree86 patch 2. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch"> |
The 2nd source patch</a> for these problems, specifically adapted to the |
The 2nd source patch</a> for these problems, specifically adapted to the |
OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
<p> |
<p> |
|
|
be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
those signals in dubious ways, this could have resulted in security |
those signals in dubious ways, this could have resulted in security |
problems of various kinds. |
problems of various kinds. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch"> |
The fourth revision of a source code patch which solves the problem is |
The fourth revision of a source code patch which solves the problem is |
available.</a> |
available.</a> |
<p> |
<p> |
|
|
permit mmap'ing of immutable or append-only files which are otherwise |
permit mmap'ing of immutable or append-only files which are otherwise |
writable, as the VM system will bypass the meaning of the file flags |
writable, as the VM system will bypass the meaning of the file flags |
when writes happen to the file. |
when writes happen to the file. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="ipsec"></a> |
<li><a name="ipsec"></a> |
|
|
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
an attacker uses some classes of invalid packets. |
an attacker uses some classes of invalid packets. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<a name="xterm-xaw"></a> |
<a name="xterm-xaw"></a> |
|
|
a security vulnerability for any setuid-root program that uses the Xaw |
a security vulnerability for any setuid-root program that uses the Xaw |
library (including xterm). Patch1 from XFree86 3.3.2 corrects |
library (including xterm). Patch1 from XFree86 3.3.2 corrects |
these problems. |
these problems. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch"> |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We also provide tar files which replace the xterm(1) binary and the libXaw |
We also provide tar files which replace the xterm(1) binary and the libXaw |
libraries on your system. These are expected to be extracted in |
libraries on your system. These are expected to be extracted in |
<strong>/usr/X11R6</strong> using the command |
<strong>/usr/X11R6</strong> using the command |
<strong>"tar xvfpz Xawfix.tgz"</strong>. |
<strong>"tar xvfpz Xawfix.tgz"</strong>. |
The files are... |
The files are... |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz">mac68k</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz">mac68k</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz"> |
mvme68k</a>, |
mvme68k</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz">hp300</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz">hp300</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz">sparc</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz">sparc</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz">pmax</a>, |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz">pmax</a>, |
and |
and |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<p> |
<p> |
</ul> |
</ul> |
<a name="i386"></a> |
<a name="i386"></a> |
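Review bot: the Xawfix.tgz links in this entry now point at http:// for every architecture, yet the text tells the reader to unpack them in /usr/X11R6 with "tar xvfpz Xawfix.tgz", replacing the xterm(1) binary and the libXaw libraries that the same entry ties to setuid-root programs. These are prebuilt binaries with no checksum listed, so a per-architecture checksum beside each link would let the reader verify the archive before extracting it.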
|
|
<li><font color="#009000"><strong>CORRUPTED FILE</strong></font><br> |
<li><font color="#009000"><strong>CORRUPTED FILE</strong></font><br> |
The CD version of the precompiled ghostscript package is corrupted and |
The CD version of the precompiled ghostscript package is corrupted and |
not installable. The correct file can be retrieved by FTP from: |
not installable. The correct file can be retrieved by FTP from: |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>. |
http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>. |
Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and |
Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and |
<i>sha1(1)</i> respectively) are: |
<i>sha1(1)</i> respectively) are: |
<ul> |
<ul> |
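Review bot: the sentence "The correct file can be retrieved by FTP from:" is unchanged on both sides, while the href and the visible link text after it now read http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz. Reword the sentence so it matches the new scheme, for example "The correct file can be retrieved from:", and keep the checksum list that follows, since it is the only integrity check this entry offers for the download.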
|
|
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
generally intermittent and the keyboard can be "unlocked" by unplugging |
generally intermittent and the keyboard can be "unlocked" by unplugging |
and plugging it back in. |
and plugging it back in. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
</ul> |
</ul> |
|
|
<li><font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<li><font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
(ie. Sparc Classic). |
(ie. Sparc Classic). |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
Two kernels which replace the ones in the release are also provided: |
Two kernels which replace the ones in the release are also provided: |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd">bsd</a> and |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd">bsd</a> and |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3">bsd.scsi3</a>. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3">bsd.scsi3</a>. |
Other replacements for the 2.3 install tools are |
Other replacements for the 2.3 install tools are |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<p> |
<p> |
</ul> |
</ul> |
<a name="amiga"></a> |
<a name="amiga"></a> |
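Review bot: the "also available" link now points at http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc, a directory path with no trailing slash, which under HTTP only works if the server redirects and serves an index for it; worth confirming the link still resolves after the scheme change. The replacement kernels bsd and bsd.scsi3 in the same entry are linked without checksums, so listing them here would match what the ghostscript entry does.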