Annotation of www/errata25.html, Revision 1.4
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.4 ! deraadt 4: <title>OpenBSD 2.5 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.5 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
23: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
24: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
25: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 ! deraadt 26: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
! 27: <a href=errata.html>For 2.7 errata, please refer here</a>.<br>
1.1 deraadt 28: <hr>
29:
30: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5.tar.gz>
31: You can also fetch a tar.gz file containing all the following patches</a>.
32: This file is updated once a day.
33:
34: <hr>
35:
36: <dl>
37: <a name=all></a>
38: <li><h3><font color=#e00000>All architectures</font></h3>
39: <ul>
40: <a name=cron></a>
41: <li><font color=#009000><strong>SECURITY FIX: Aug 30, 1999</strong></font><br>
42: In cron(8), make sure argv[] is NULL terminated in the fake popen() and
43: run sendmail as the user, not as root.
44: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/012_cron.patch>
45: A source code patch exists which remedies this problem.</a>
46: <p>
47: <a name=miscfs></a>
48: <li><font color=#009000><strong>SECURITY FIX: Aug 12, 1999</strong></font><br>
49: The procfs and fdescfs filesystems had an overrun in their handling
50: of uio_offset in their readdir() routines. (These filesystems are not
51: enabled by default).
52: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/011_miscfs.patch>
53: A source code patch exists which remedies this problem.</a>
54: <p>
55: <a name=profil></a>
56: <li><font color=#009000><strong>SECURITY FIX: Aug 9, 1999</strong></font><br>
57: Stop profiling (see profil(2)) when we execve() a new process.
58: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/010_profil.patch>
59: A source code patch exists which remedies this problem.</a>
60: <p>
61: <a name=ipsec_in_use></a>
62: <li><font color=#009000><strong>SECURITY FIX: Aug 6, 1999</strong></font><br>
63: Packets that should have been handled by IPsec may be transmitted
64: as cleartext. PF_KEY SA expirations may leak kernel resources.
65: <a
66: href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/009_ipsec_in_use.patch>
67: A source code patch exists which remedies this problem.</a>
68: <p>
69: <a name=rc></a>
70: <li><font color=#009000><strong>SECURITY FIX: Aug 5, 1999</strong></font><br>
71: In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
72: to use -execdir.
73: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/008_rc.patch>
74: A source code patch exists which remedies this problem.</a>
75: <p>
76: <a name=chflags></a>
77: <li><font color=#009000><strong>SECURITY FIX: Jul 30, 1999</strong></font><br>
78: Do not permit regular users to chflags(2) or fchflags(2) on character or
79: block devices which they may currently be the owner of.
80: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/007_chflags.patch>
81: A source code patch exists which remedies this problem.</a>
82: <p>
83: <a name=nroff></a>
84: <li><font color=#009000><strong>SECURITY FIX: Jul 27, 1999</strong></font><br>
85: Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
86: to avoid various groff features which may be security issues. On the
87: whole, this is not really a security issue, but it was discussed on
88: BUGTRAQ as if it is.
89: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/006_nroff.patch>
90: A source code patch exists which remedies this problem.</a>
91: <p>
92: <a name=fts></a>
93: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
94: Programs using fts(3) could dump core when given a directory structure
95: with a very large number of entries.
96: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/005_fts.patch>
97: A source code patch exists which remedies this problem.</a>
98: <p>
99: <a name=tcpsack></a>
100: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
101: Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
102: failure to retransmit correctly.
103: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/004_tcpsack.patch>
104: A source code patch exists which remedies this problem.</a>
105: <p>
106: <a name=ipsec1></a>
107: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
108: Retransmitted TCP packets could get corrupted when flowing over an
109: IPSEC ESP tunnel.
110: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/003_espdata.patch>
111: A source code patch exists which remedies this problem.</a>
112: <p>
113: <a name=bmap></a>
114: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
115: A local user can crash the system by reading a file larger than 64meg
116: from an ext2fs partition.
117: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/002_bmap.patch>
118: A source code patch exists which remedies this problem.</a>
119: <p>
120: <a name=pfkey></a>
121: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
122: PF_KEY socket operations leak internal kernel resources, so that a
123: system running an IPsec keymanagement daemon like photurisd or isakmpd
124: will cause the networking subsystem to stop working after a finite amount
125: of time.
126: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/001_pfkey.patch>
127: A source code patch exists which remedies this problem.</a>
128: </ul>
129: <p>
130: <a name=i386></a>
131: <li><h3><font color=#e00000>i386</font></h3>
1.3 deraadt 132: <a name=y2k></a>
133: <li><font color=#009000><strong>Y2K FIX: Aug 30, 1999</strong></font><br>
134: This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
135: release (released at 1 Dec 1999) has this problem solved. This patch is
136: just a workaround.
137: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/014_y2k.patch>
138: A source code patch exists which remedies this problem.</a>
139: <p>
1.2 deraadt 140: <a name=brooktree></a>
141: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
142: If a user opened the brooktree device on a system where it did not exist,
143: the kernel crashed.
144: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/013_brooktree.patch>
145: A source code patch exists which remedies this problem.</a>
146: <p>
1.1 deraadt 147: <ul>
148: <li>No problems identified yet.
149: </ul>
150: <p>
151: <a name=mac68k></a>
152: <li><h3><font color=#e00000>mac68k</font></h3>
153: <ul>
154: <a name=macutils></a>
155: <li><font color=#009000><strong>INSTALL PROBLEM</strong></font><br>
156: The mac68k install utils were mistakenly left off the CD and out of
157: the FTP install directories. These tools have now been added to the
158: FTP install directories. See
159: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils>
160: ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils</a>
161: <p>
162: </ul>
163: <p>
164: <a name=sparc></a>
165: <li><h3><font color=#e00000>sparc</font></h3>
166: <ul>
167: <li>No problems identified yet.
168: </ul>
169: <p>
170: <a name=amiga></a>
171: <li><h3><font color=#e00000>amiga</font></h3>
172: <ul>
173: <li>No problems identified yet.
174: </ul>
175: <p>
176: <a name=pmax></a>
177: <li><h3><font color=#e00000>pmax</font></h3>
178: <ul>
179: <li>No problems identified yet.
180: </ul>
181: <p>
182: <a name=arc></a>
183: <li><h3><font color=#e00000>arc</font></h3>
184: <ul>
185: <li>No problems identified yet.
186: </ul>
187: <p>
188: <a name=alpha></a>
189: <li><h3><font color=#e00000>alpha</font></h3>
190: <ul>
191: <li>No problems identified yet.
192: </ul>
193: <p>
194: <a name=hp300></a>
195: <li><h3><font color=#e00000>hp300</font></h3>
196: <ul>
197: <li>No problems identified yet.
198: </ul>
199: <p>
200: <a name=mvme68k></a>
201: <li><h3><font color=#e00000>mvme68k</font></h3>
202: <ul>
203: <li>No problems identified yet.
204: </ul>
205: <p>
206: <a name=powerpc></a>
207: <li><h3><font color=#e00000>powerpc</font></h3>
208: <ul>
209: <a name=powerpc_trap></a>
210: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
211: Two problems in the powerpc kernel trap handling cause severe system
212: unreliability.
213: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/powerpc/001_trap.patch>
214: A source code patch exists which remedies these problems.</a>
215: <p>
216: </ul>
217:
218: </dl>
219: <br>
220:
221: <hr>
222: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
223: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
224: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
225: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 ! deraadt 226: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
! 227: <a href=errata.html>For 2.7 errata, please refer here</a>.<br>
1.1 deraadt 228: <hr>
229:
230: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
231: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.4 ! deraadt 232: <br><small>$OpenBSD: errata25.html,v 1.3 1999/12/30 17:09:49 deraadt Exp $</small>
1.1 deraadt 233:
234: </body>
235: </html>