| version 1.77, 2016/08/15 02:22:06 |
version 1.78, 2016/10/16 19:11:29 |
|
|
| <br> |
<br> |
| <hr> |
<hr> |
| |
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz"> |
| You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
| This file is updated once a day. |
This file is updated once a day. |
| <p> |
<p> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
| by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
|
|
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="atapi"> |
<li id="atapi"> |
|
|
| Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
| (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
| A patch is |
A patch is |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li id="chpass"> |
<li id="chpass"> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
| attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="resid"> |
<li id="resid"> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
| kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="inetd"> |
<li id="inetd"> |
| <font color="#009000"><strong>SECURITY FIX</strong></font> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li id="unionfs"> |
<li id="unionfs"> |
| <font color="#009000"><strong>BUG FIX</strong></font> |
<font color="#009000"><strong>BUG FIX</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
| A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
| <p> |
<p> |
| <li id="fdalloc"> |
<li id="fdalloc"> |
|
|
| be executed with these descriptors unallocated. A patch which forces |
be executed with these descriptors unallocated. A patch which forces |
| setuid and setgid processes to have some descriptors in fd slots |
setuid and setgid processes to have some descriptors in fd slots |
| 0, 1, and 2 is |
0, 1, and 2 is |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li id="resolver"> |
<li id="resolver"> |
|
|
| A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
| accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
| to fix this is |
to fix this is |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
| available here.</a> |
available here.</a> |
| <p> |
<p> |
| <li id="xlib"> |
<li id="xlib"> |
|
|
| distributed with OpenBSD are vulnerable to some or all of these |
distributed with OpenBSD are vulnerable to some or all of these |
| problems. |
problems. |
| These problems are fixed in XFree86 patch 2. |
These problems are fixed in XFree86 patch 2. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch"> |
| The 2nd source patch</a> for these problems, specifically adapted to the |
The 2nd source patch</a> for these problems, specifically adapted to the |
| OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
| <p> |
<p> |
|
|
| be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
| those signals in dubious ways, this could have resulted in security |
those signals in dubious ways, this could have resulted in security |
| problems of various kinds. |
problems of various kinds. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch"> |
| The fourth revision of a source code patch which solves the problem is |
The fourth revision of a source code patch which solves the problem is |
| available.</a> |
available.</a> |
| <p> |
<p> |
|
|
| permit mmap'ing of immutable or append-only files which are otherwise |
permit mmap'ing of immutable or append-only files which are otherwise |
| writable, as the VM system will bypass the meaning of the file flags |
writable, as the VM system will bypass the meaning of the file flags |
| when writes happen to the file. |
when writes happen to the file. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="ipsec"> |
<li id="ipsec"> |
|
|
| If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
| disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
| an attacker uses some classes of invalid packets. |
an attacker uses some classes of invalid packets. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="xterm-xaw"> |
<li id="xterm-xaw"> |
|
|
| a security vulnerability for any setuid-root program that uses the Xaw |
a security vulnerability for any setuid-root program that uses the Xaw |
| library (including xterm). Patch1 from XFree86 3.3.2 corrects |
library (including xterm). Patch1 from XFree86 3.3.2 corrects |
| these problems. |
these problems. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch"> |
| We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
| We also provide tar files which replace the xterm(1) binary and the libXaw |
We also provide tar files which replace the xterm(1) binary and the libXaw |
| libraries on your system. These are expected to be extracted in |
libraries on your system. These are expected to be extracted in |
| <strong>/usr/X11R6</strong> using the command |
<strong>/usr/X11R6</strong> using the command |
| <strong>"tar xvfpz Xawfix.tgz"</strong>. |
<strong>"tar xvfpz Xawfix.tgz"</strong>. |
| The files are... |
The files are... |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz">mac68k</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz">mac68k</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz"> |
| mvme68k</a>, |
mvme68k</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz">hp300</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz">hp300</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz">sparc</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz">sparc</a>, |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz">pmax</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz">pmax</a>, |
| and |
and |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
| <p> |
<p> |
| <li id="pctr"> |
<li id="pctr"> |
| <font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
|
|
| <li><font color="#009000"><strong>CORRUPTED FILE</strong></font><br> |
<li><font color="#009000"><strong>CORRUPTED FILE</strong></font><br> |
| The CD version of the precompiled ghostscript package is corrupted and |
The CD version of the precompiled ghostscript package is corrupted and |
| not installable. The correct file can be retrieved by FTP from: |
not installable. The correct file can be retrieved by FTP from: |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
| http://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>. |
https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>. |
| Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and |
Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and |
| <i>sha1(1)</i> respectively) are: |
<i>sha1(1)</i> respectively) are: |
| <ul> |
<ul> |
|
|
| of a keyboard LED (scroll lock, caps lock, etc). The problem is |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
| generally intermittent and the keyboard can be "unlocked" by unplugging |
generally intermittent and the keyboard can be "unlocked" by unplugging |
| and plugging it back in. |
and plugging it back in. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li><font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<li><font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
| The 2.3 release does not run reliably on the sun4m LX/LC machines |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
| (ie. Sparc Classic). |
(ie. Sparc Classic). |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| Two kernels which replace the ones in the release are also provided: |
Two kernels which replace the ones in the release are also provided: |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd">bsd</a> and |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd">bsd</a> and |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3">bsd.scsi3</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3">bsd.scsi3</a>. |
| Other replacements for the 2.3 install tools are |
Other replacements for the 2.3 install tools are |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
| <p> |
<p> |
| <li><font color="#009000"><strong>MINOR INCOMPATIBILITY</strong></font><br> |
<li><font color="#009000"><strong>MINOR INCOMPATIBILITY</strong></font><br> |
| The AmigaOS patch |
The AmigaOS patch |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata23.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www