Annotation of www/errata25.html, Revision 1.11
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.4 deraadt 4: <title>OpenBSD 2.5 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.5 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
1.6 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.1 deraadt 23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 deraadt 27: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.8 deraadt 28: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.10 deraadt 29: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
30: <a href=errata.html>For 2.9 errata, please refer here</a>.<br>
1.1 deraadt 31: <hr>
32:
33: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5.tar.gz>
34: You can also fetch a tar.gz file containing all the following patches</a>.
35: This file is updated once a day.
36:
1.7 ericj 37: <p>
38: For more detailed information on install patches to OpenBSD, please
39: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
40:
1.1 deraadt 41: <hr>
1.9 jufi 42: <ul>
1.1 deraadt 43: <dl>
44: <a name=all></a>
45: <li><h3><font color=#e00000>All architectures</font></h3>
46: <ul>
47: <a name=cron></a>
48: <li><font color=#009000><strong>SECURITY FIX: Aug 30, 1999</strong></font><br>
49: In cron(8), make sure argv[] is NULL terminated in the fake popen() and
50: run sendmail as the user, not as root.
51: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/012_cron.patch>
52: A source code patch exists which remedies this problem.</a>
53: <p>
54: <a name=miscfs></a>
55: <li><font color=#009000><strong>SECURITY FIX: Aug 12, 1999</strong></font><br>
56: The procfs and fdescfs filesystems had an overrun in their handling
57: of uio_offset in their readdir() routines. (These filesystems are not
58: enabled by default).
59: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/011_miscfs.patch>
60: A source code patch exists which remedies this problem.</a>
61: <p>
62: <a name=profil></a>
63: <li><font color=#009000><strong>SECURITY FIX: Aug 9, 1999</strong></font><br>
64: Stop profiling (see profil(2)) when we execve() a new process.
65: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/010_profil.patch>
66: A source code patch exists which remedies this problem.</a>
67: <p>
68: <a name=ipsec_in_use></a>
69: <li><font color=#009000><strong>SECURITY FIX: Aug 6, 1999</strong></font><br>
70: Packets that should have been handled by IPsec may be transmitted
71: as cleartext. PF_KEY SA expirations may leak kernel resources.
72: <a
73: href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/009_ipsec_in_use.patch>
74: A source code patch exists which remedies this problem.</a>
75: <p>
76: <a name=rc></a>
77: <li><font color=#009000><strong>SECURITY FIX: Aug 5, 1999</strong></font><br>
78: In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
79: to use -execdir.
80: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/008_rc.patch>
81: A source code patch exists which remedies this problem.</a>
82: <p>
83: <a name=chflags></a>
84: <li><font color=#009000><strong>SECURITY FIX: Jul 30, 1999</strong></font><br>
85: Do not permit regular users to chflags(2) or fchflags(2) on character or
86: block devices which they may currently be the owner of.
87: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/007_chflags.patch>
88: A source code patch exists which remedies this problem.</a>
89: <p>
90: <a name=nroff></a>
91: <li><font color=#009000><strong>SECURITY FIX: Jul 27, 1999</strong></font><br>
92: Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
93: to avoid various groff features which may be security issues. On the
94: whole, this is not really a security issue, but it was discussed on
95: BUGTRAQ as if it is.
96: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/006_nroff.patch>
97: A source code patch exists which remedies this problem.</a>
98: <p>
99: <a name=fts></a>
100: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
101: Programs using fts(3) could dump core when given a directory structure
102: with a very large number of entries.
103: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/005_fts.patch>
104: A source code patch exists which remedies this problem.</a>
105: <p>
106: <a name=tcpsack></a>
107: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
108: Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
109: failure to retransmit correctly.
110: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/004_tcpsack.patch>
111: A source code patch exists which remedies this problem.</a>
112: <p>
113: <a name=ipsec1></a>
114: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
115: Retransmitted TCP packets could get corrupted when flowing over an
116: IPSEC ESP tunnel.
117: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/003_espdata.patch>
118: A source code patch exists which remedies this problem.</a>
119: <p>
120: <a name=bmap></a>
121: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
122: A local user can crash the system by reading a file larger than 64meg
123: from an ext2fs partition.
124: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/002_bmap.patch>
125: A source code patch exists which remedies this problem.</a>
126: <p>
127: <a name=pfkey></a>
128: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
129: PF_KEY socket operations leak internal kernel resources, so that a
1.11 ! jsyn 130: system running an IPsec key management daemon like photurisd or isakmpd
1.1 deraadt 131: will cause the networking subsystem to stop working after a finite amount
132: of time.
133: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/001_pfkey.patch>
134: A source code patch exists which remedies this problem.</a>
135: </ul>
136: <p>
137: <a name=i386></a>
138: <li><h3><font color=#e00000>i386</font></h3>
1.5 deraadt 139: <ul>
1.3 deraadt 140: <a name=y2k></a>
141: <li><font color=#009000><strong>Y2K FIX: Aug 30, 1999</strong></font><br>
142: This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
143: release (released at 1 Dec 1999) has this problem solved. This patch is
144: just a workaround.
145: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/014_y2k.patch>
146: A source code patch exists which remedies this problem.</a>
147: <p>
1.2 deraadt 148: <a name=brooktree></a>
149: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
150: If a user opened the brooktree device on a system where it did not exist,
151: the kernel crashed.
152: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/013_brooktree.patch>
153: A source code patch exists which remedies this problem.</a>
154: <p>
1.1 deraadt 155: </ul>
156: <a name=mac68k></a>
157: <li><h3><font color=#e00000>mac68k</font></h3>
158: <ul>
159: <a name=macutils></a>
160: <li><font color=#009000><strong>INSTALL PROBLEM</strong></font><br>
161: The mac68k install utils were mistakenly left off the CD and out of
162: the FTP install directories. These tools have now been added to the
163: FTP install directories. See
164: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils>
165: ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils</a>
166: <p>
167: </ul>
168: <p>
169: <a name=sparc></a>
170: <li><h3><font color=#e00000>sparc</font></h3>
171: <ul>
172: <li>No problems identified yet.
173: </ul>
174: <p>
175: <a name=amiga></a>
176: <li><h3><font color=#e00000>amiga</font></h3>
177: <ul>
178: <li>No problems identified yet.
179: </ul>
180: <p>
181: <a name=pmax></a>
182: <li><h3><font color=#e00000>pmax</font></h3>
183: <ul>
184: <li>No problems identified yet.
185: </ul>
186: <p>
187: <a name=arc></a>
188: <li><h3><font color=#e00000>arc</font></h3>
189: <ul>
190: <li>No problems identified yet.
191: </ul>
192: <p>
193: <a name=alpha></a>
194: <li><h3><font color=#e00000>alpha</font></h3>
195: <ul>
196: <li>No problems identified yet.
197: </ul>
198: <p>
199: <a name=hp300></a>
200: <li><h3><font color=#e00000>hp300</font></h3>
201: <ul>
202: <li>No problems identified yet.
203: </ul>
204: <p>
205: <a name=mvme68k></a>
206: <li><h3><font color=#e00000>mvme68k</font></h3>
207: <ul>
208: <li>No problems identified yet.
209: </ul>
210: <p>
211: <a name=powerpc></a>
212: <li><h3><font color=#e00000>powerpc</font></h3>
213: <ul>
214: <a name=powerpc_trap></a>
215: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
216: Two problems in the powerpc kernel trap handling cause severe system
217: unreliability.
218: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/powerpc/001_trap.patch>
219: A source code patch exists which remedies these problems.</a>
220: <p>
221: </ul>
222:
223: </dl>
1.9 jufi 224: </ul>
1.1 deraadt 225: <br>
226:
227: <hr>
1.6 jason 228: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.1 deraadt 229: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
230: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
231: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
232: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 deraadt 233: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.8 deraadt 234: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.10 deraadt 235: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
236: <a href=errata.html>For 2.9 errata, please refer here</a>.<br>
1.1 deraadt 237: <hr>
238:
239: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
240: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.11 ! jsyn 241: <br><small>$OpenBSD: errata25.html,v 1.10 2001/04/24 06:59:16 deraadt Exp $</small>
1.1 deraadt 242:
243: </body>
244: </html>