version 1.85, 2019/05/27 22:55:19 |
version 1.86, 2019/05/28 16:32:41 |
|
|
<hr> |
<hr> |
|
|
<ul> |
<ul> |
|
|
<li id="bootpd"> |
<li id="bootpd"> |
<strong>SECURITY FIX</strong> |
<strong>001: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
|
|
<li id="tcpfix"> |
<li id="tcpfix"> |
<strong>SECURITY FIX</strong> |
<strong>002: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="atapi"> |
<li id="atapi"> |
<strong>HARDWARE SUPPORT</strong> |
<strong>003: HARDWARE SUPPORT</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
|
|
<li id="chpass"> |
<li id="chpass"> |
<strong>SECURITY FIX</strong> |
<strong>004: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="resid"> |
<li id="resid"> |
<strong>RELIABILITY FIX</strong> |
<strong>005: RELIABILITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="inetd"> |
<li id="inetd"> |
<strong>SECURITY FIX</strong> |
<strong>006: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
|
|
<li id="unionfs"> |
<li id="unionfs"> |
<strong>BUG FIX</strong> |
<strong>007: BUG FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
<p> |
<p> |
|
|
<li id="fdalloc"> |
<li id="fdalloc"> |
<strong>SECURITY FIX</strong> |
<strong>008: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Some non-allocated file descriptors have implied uses according to |
Some non-allocated file descriptors have implied uses according to |
system libraries, and hence setuid and setgid processes should not |
system libraries, and hence setuid and setgid processes should not |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
|
|
<li id="resolver"> |
<li id="resolver"> |
<strong>SECURITY FIX</strong> |
<strong>009: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
|
|
<li id="xlib"> |
<li id="xlib"> |
<strong>SECURITY FIX</strong> |
<strong>010: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
libraries. These affect xterm and all other setuid-root programs that |
libraries. These affect xterm and all other setuid-root programs that |
|
|
The 2nd source patch</a> for these problems, specifically adapted to the |
The 2nd source patch</a> for these problems, specifically adapted to the |
OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
<p> |
<p> |
|
|
<li id="kill"> |
<li id="kill"> |
<strong>SECURITY FIX</strong> |
<strong>011: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The kill(2) system call previously would permit a large set of signals to |
The kill(2) system call previously would permit a large set of signals to |
be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
|
|
The fourth revision of a source code patch which solves the problem is |
The fourth revision of a source code patch which solves the problem is |
available.</a> |
available.</a> |
<p> |
<p> |
|
|
<li id="immutable"> |
<li id="immutable"> |
<strong>SECURITY FIX</strong> |
<strong>012: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A possible new security problem exists if you rely on securelevels and |
A possible new security problem exists if you rely on securelevels and |
immutable or append-only files or character devices. The fix does not |
immutable or append-only files or character devices. The fix does not |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="ipsec"> |
<li id="ipsec"> |
<strong>SECURITY FIX</strong> |
<strong>013: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="xterm-xaw"> |
<li id="xterm-xaw"> |
<strong>SECURITY FIX</strong> |
<strong>014: SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
overrun problems in <b>xterm</b> related to the input-Method, |
overrun problems in <b>xterm</b> related to the input-Method, |
|
|
and |
and |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<p> |
<p> |
|
|
<li id="pctr"> |
<li id="pctr"> |
<strong>RELIABILITY FIX</strong><br> |
<strong>015: RELIABILITY FIX</strong><br> |
The pctr(4) driver has bugs that permit any user to crash the machine, |
The pctr(4) driver has bugs that permit any user to crash the machine, |
if the CPU is not an Intel CPU. This problem has been properly fixed |
if the CPU is not an Intel CPU. This problem has been properly fixed |
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid |
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid |
the problem, recompile your kernel without the pctr(4) device driver. |
the problem, recompile your kernel without the pctr(4) device driver. |
<p> |
<p> |
<li><strong>CORRUPTED FILE</strong><br> |
<li><strong>016: CORRUPTED FILE</strong><br> |
The CD version of the precompiled ghostscript package is corrupted and |
The CD version of the precompiled ghostscript package is corrupted and |
not installable. The correct file can be retrieved by FTP from: |
not installable. The correct file can be retrieved by FTP from: |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
|
|
<li>SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c |
<li>SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li id="pcvt"> |
<li id="pcvt"> |
<strong>RELIABILITY FIX</strong><br> |
<strong>017: RELIABILITY FIX</strong><br> |
The pcvt(4) console driver has a bug that can cause some keyboard |
The pcvt(4) console driver has a bug that can cause some keyboard |
controllers to lock up when a key is pressed that toggles the status |
controllers to lock up when a key is pressed that toggles the status |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><strong>RELIABILITY FIX</strong><br> |
<li><strong>018: RELIABILITY FIX</strong><br> |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
(ie. Sparc Classic). |
(ie. Sparc Classic). |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
|
|
Other replacements for the 2.3 install tools are |
Other replacements for the 2.3 install tools are |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<p> |
<p> |
<li><strong>MINOR INCOMPATIBILITY</strong><br> |
<li><strong>019: MINOR INCOMPATIBILITY</strong><br> |
The AmigaOS patch |
The AmigaOS patch |
<a href="http://us.aminet.net/pub/aminet/util/sys/PoolMem.lha">PoolMem</a> |
<a href="http://us.aminet.net/pub/aminet/util/sys/PoolMem.lha">PoolMem</a> |
improves AmigaOS memory handling tremendously, but confuses loadbsd, which |
improves AmigaOS memory handling tremendously, but confuses loadbsd, which |
|
|
right before running loadbsd. The next release of loadbsd will probably be |
right before running loadbsd. The next release of loadbsd will probably be |
PoolMem-aware. |
PoolMem-aware. |
<p> |
<p> |
<li><strong>RELEASE WARNING</strong><br> |
<li><strong>020: RELEASE WARNING</strong><br> |
The XFree86 binary set shipped on the CD and FTP site are not the |
The XFree86 binary set shipped on the CD and FTP site are not the |
exact final set that we shipped for the other releases. A few minor |
exact final set that we shipped for the other releases. A few minor |
changes, mostly in <b>xdm(1)</b> configuration, were made |
changes, mostly in <b>xdm(1)</b> configuration, were made |
after those binaries were made. Patches for this might come out later. |
after those binaries were made. Patches for this might come out later. |
<p> |
<p> |
<li><strong>X11 RELEASE ERROR</strong><br> |
<li><strong>021: X11 RELEASE ERROR</strong><br> |
The XFree86 binary set was linked with an older version of the C |
The XFree86 binary set was linked with an older version of the C |
library. To work around the problem, do the following as root. |
library. To work around the problem, do the following as root. |
<p> |
<p> |
|
|
ln -s libc.so.18.0 libc.so.17 |
ln -s libc.so.18.0 libc.so.17 |
</pre> |
</pre> |
<p> |
<p> |
<li><strong>X11 RELEASE ERROR</strong><br> |
<li><strong>022: X11 RELEASE ERROR</strong><br> |
The X11R5 server used in this port does not understand the default |
The X11R5 server used in this port does not understand the default |
authorization types used by the X11R6 clients, which results in no |
authorization types used by the X11R6 clients, which results in no |
clients being able to connect to the server. To fix this |
clients being able to connect to the server. To fix this |
|
|
DisplayManager._0.authName: MIT-MAGIC-COOKIE-1 |
DisplayManager._0.authName: MIT-MAGIC-COOKIE-1 |
</pre> |
</pre> |
<p> |
<p> |
<li><strong>INSTALLATION PROCESS FLAW</strong><br> |
<li><strong>023: INSTALLATION PROCESS FLAW</strong><br> |
The pmax install does not correctly install the boot block. |
The pmax install does not correctly install the boot block. |
To work around the problem, after the install program has finished, do |
To work around the problem, after the install program has finished, do |
the following (assuming scsi id 0): |
the following (assuming scsi id 0): |
|
|
disklabel -R -B rz0 /tmp/label |
disklabel -R -B rz0 /tmp/label |
</pre> |
</pre> |
<p> |
<p> |
<li><strong>RELEASE WARNING</strong><br> |
<li><strong>024: RELEASE WARNING</strong><br> |
The XFree86 binary set shipped on the CD and FTP site are not the |
The XFree86 binary set shipped on the CD and FTP site are not the |
exact final set that we shipped for the other releases. A few minor |
exact final set that we shipped for the other releases. A few minor |
changes, mostly in <b>xdm(1)</b> configuration, were made |
changes, mostly in <b>xdm(1)</b> configuration, were made |
after those binaries were made. Patches for this might come out later. |
after those binaries were made. Patches for this might come out later. |
<p> |
<p> |
<li><strong>X11 RELEASE ERROR</strong><br> |
<li><strong>025: X11 RELEASE ERROR</strong><br> |
The XFree86 binary set was linked with an older version of the C |
The XFree86 binary set was linked with an older version of the C |
library. To work around the problem, do the following as root. |
library. To work around the problem, do the following as root. |
<p> |
<p> |
|
|
ln -s libc.so.18.0 libc.so.17 |
ln -s libc.so.18.0 libc.so.17 |
</pre> |
</pre> |
<p> |
<p> |
<li><strong>RELEASE WARNING</strong><br> |
<li><strong>026: RELEASE WARNING</strong><br> |
When you start the install an upgrade option is advertised but |
When you start the install an upgrade option is advertised but |
there really is no such option. |
there really is no such option. |
<p> |
<p> |
<li><strong>RELEASE WARNING</strong><br> |
<li><strong>027: RELEASE WARNING</strong><br> |
When you start the install an upgrade option is advertised but |
When you start the install an upgrade option is advertised but |
there really is no such option. |
there really is no such option. |
<p> |
<p> |
<li><strong>RELEASE WARNING</strong><br> |
<li><strong>028: RELEASE WARNING</strong><br> |
Unlabeled disks with weird geometries can panic the kernel. |
Unlabeled disks with weird geometries can panic the kernel. |
A fix will be made available when 2.3 is out. |
A fix will be made available when 2.3 is out. |
<p> |
<p> |
<li><strong>SECURITY FIX</strong><br> |
<li><strong>029: SECURITY FIX</strong><br> |
The powerpc release shipped on the OpenBSD 2.3 CD does not contain |
The powerpc release shipped on the OpenBSD 2.3 CD does not contain |
two late fixes applied late in the release cycle. The |
two late fixes applied late in the release cycle. The |
<a href="errata22.html#rmjob">rmjob</a> and |
<a href="errata22.html#rmjob">rmjob</a> and |