Annotation of www/errata25.html, Revision 1.3
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD release errata</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.5 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
23: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
24: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
25: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
26: <a href=errata.html>For 2.6 errata, please refer here</a>.<br>
27: <hr>
28:
29: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5.tar.gz>
30: You can also fetch a tar.gz file containing all the following patches</a>.
31: This file is updated once a day.
32:
33: <hr>
34:
35: <dl>
36: <a name=all></a>
37: <li><h3><font color=#e00000>All architectures</font></h3>
38: <ul>
39: <a name=cron></a>
40: <li><font color=#009000><strong>SECURITY FIX: Aug 30, 1999</strong></font><br>
41: In cron(8), make sure argv[] is NULL terminated in the fake popen() and
42: run sendmail as the user, not as root.
43: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/012_cron.patch>
44: A source code patch exists which remedies this problem.</a>
45: <p>
46: <a name=miscfs></a>
47: <li><font color=#009000><strong>SECURITY FIX: Aug 12, 1999</strong></font><br>
48: The procfs and fdescfs filesystems had an overrun in their handling
49: of uio_offset in their readdir() routines. (These filesystems are not
50: enabled by default).
51: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/011_miscfs.patch>
52: A source code patch exists which remedies this problem.</a>
53: <p>
54: <a name=profil></a>
55: <li><font color=#009000><strong>SECURITY FIX: Aug 9, 1999</strong></font><br>
56: Stop profiling (see profil(2)) when we execve() a new process.
57: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/010_profil.patch>
58: A source code patch exists which remedies this problem.</a>
59: <p>
60: <a name=ipsec_in_use></a>
61: <li><font color=#009000><strong>SECURITY FIX: Aug 6, 1999</strong></font><br>
62: Packets that should have been handled by IPsec may be transmitted
63: as cleartext. PF_KEY SA expirations may leak kernel resources.
64: <a
65: href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/009_ipsec_in_use.patch>
66: A source code patch exists which remedies this problem.</a>
67: <p>
68: <a name=rc></a>
69: <li><font color=#009000><strong>SECURITY FIX: Aug 5, 1999</strong></font><br>
70: In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
71: to use -execdir.
72: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/008_rc.patch>
73: A source code patch exists which remedies this problem.</a>
74: <p>
75: <a name=chflags></a>
76: <li><font color=#009000><strong>SECURITY FIX: Jul 30, 1999</strong></font><br>
77: Do not permit regular users to chflags(2) or fchflags(2) on character or
78: block devices which they may currently be the owner of.
79: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/007_chflags.patch>
80: A source code patch exists which remedies this problem.</a>
81: <p>
82: <a name=nroff></a>
83: <li><font color=#009000><strong>SECURITY FIX: Jul 27, 1999</strong></font><br>
84: Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
85: to avoid various groff features which may be security issues. On the
86: whole, this is not really a security issue, but it was discussed on
87: BUGTRAQ as if it is.
88: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/006_nroff.patch>
89: A source code patch exists which remedies this problem.</a>
90: <p>
91: <a name=fts></a>
92: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
93: Programs using fts(3) could dump core when given a directory structure
94: with a very large number of entries.
95: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/005_fts.patch>
96: A source code patch exists which remedies this problem.</a>
97: <p>
98: <a name=tcpsack></a>
99: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
100: Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
101: failure to retransmit correctly.
102: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/004_tcpsack.patch>
103: A source code patch exists which remedies this problem.</a>
104: <p>
105: <a name=ipsec1></a>
106: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
107: Retransmitted TCP packets could get corrupted when flowing over an
108: IPSEC ESP tunnel.
109: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/003_espdata.patch>
110: A source code patch exists which remedies this problem.</a>
111: <p>
112: <a name=bmap></a>
113: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
114: A local user can crash the system by reading a file larger than 64meg
115: from an ext2fs partition.
116: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/002_bmap.patch>
117: A source code patch exists which remedies this problem.</a>
118: <p>
119: <a name=pfkey></a>
120: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
121: PF_KEY socket operations leak internal kernel resources, so that a
122: system running an IPsec keymanagement daemon like photurisd or isakmpd
123: will cause the networking subsystem to stop working after a finite amount
124: of time.
125: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/001_pfkey.patch>
126: A source code patch exists which remedies this problem.</a>
127: </ul>
128: <p>
129: <a name=i386></a>
130: <li><h3><font color=#e00000>i386</font></h3>
1.3 ! deraadt 131: <a name=y2k></a>
! 132: <li><font color=#009000><strong>Y2K FIX: Aug 30, 1999</strong></font><br>
! 133: This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
! 134: release (released at 1 Dec 1999) has this problem solved. This patch is
! 135: just a workaround.
! 136: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/014_y2k.patch>
! 137: A source code patch exists which remedies this problem.</a>
! 138: <p>
1.2 deraadt 139: <a name=brooktree></a>
140: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
141: If a user opened the brooktree device on a system where it did not exist,
142: the kernel crashed.
143: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/013_brooktree.patch>
144: A source code patch exists which remedies this problem.</a>
145: <p>
1.1 deraadt 146: <ul>
147: <li>No problems identified yet.
148: </ul>
149: <p>
150: <a name=mac68k></a>
151: <li><h3><font color=#e00000>mac68k</font></h3>
152: <ul>
153: <a name=macutils></a>
154: <li><font color=#009000><strong>INSTALL PROBLEM</strong></font><br>
155: The mac68k install utils were mistakenly left off the CD and out of
156: the FTP install directories. These tools have now been added to the
157: FTP install directories. See
158: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils>
159: ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils</a>
160: <p>
161: </ul>
162: <p>
163: <a name=sparc></a>
164: <li><h3><font color=#e00000>sparc</font></h3>
165: <ul>
166: <li>No problems identified yet.
167: </ul>
168: <p>
169: <a name=amiga></a>
170: <li><h3><font color=#e00000>amiga</font></h3>
171: <ul>
172: <li>No problems identified yet.
173: </ul>
174: <p>
175: <a name=pmax></a>
176: <li><h3><font color=#e00000>pmax</font></h3>
177: <ul>
178: <li>No problems identified yet.
179: </ul>
180: <p>
181: <a name=arc></a>
182: <li><h3><font color=#e00000>arc</font></h3>
183: <ul>
184: <li>No problems identified yet.
185: </ul>
186: <p>
187: <a name=alpha></a>
188: <li><h3><font color=#e00000>alpha</font></h3>
189: <ul>
190: <li>No problems identified yet.
191: </ul>
192: <p>
193: <a name=hp300></a>
194: <li><h3><font color=#e00000>hp300</font></h3>
195: <ul>
196: <li>No problems identified yet.
197: </ul>
198: <p>
199: <a name=mvme68k></a>
200: <li><h3><font color=#e00000>mvme68k</font></h3>
201: <ul>
202: <li>No problems identified yet.
203: </ul>
204: <p>
205: <a name=powerpc></a>
206: <li><h3><font color=#e00000>powerpc</font></h3>
207: <ul>
208: <a name=powerpc_trap></a>
209: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
210: Two problems in the powerpc kernel trap handling cause severe system
211: unreliability.
212: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/powerpc/001_trap.patch>
213: A source code patch exists which remedies these problems.</a>
214: <p>
215: </ul>
216:
217: </dl>
218: <br>
219:
220: <hr>
221: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
222: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
223: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
224: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
225: <a href=errata.html>For 2.6 errata, please refer here</a>.<br>
226: <hr>
227:
228: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
229: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.3 ! deraadt 230: <br><small>$OpenBSD: errata25.html,v 1.2 1999/11/14 02:03:54 deraadt Exp $</small>
1.1 deraadt 231:
232: </body>
233: </html>