Annotation of www/errata25.html, Revision 1.5
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.4 deraadt 4: <title>OpenBSD 2.5 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.5 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
23: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
24: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
25: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 deraadt 26: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
27: <a href=errata.html>For 2.7 errata, please refer here</a>.<br>
1.1 deraadt 28: <hr>
29:
30: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5.tar.gz>
31: You can also fetch a tar.gz file containing all the following patches</a>.
32: This file is updated once a day.
33:
34: <hr>
35:
36: <dl>
37: <a name=all></a>
38: <li><h3><font color=#e00000>All architectures</font></h3>
39: <ul>
40: <a name=cron></a>
41: <li><font color=#009000><strong>SECURITY FIX: Aug 30, 1999</strong></font><br>
42: In cron(8), make sure argv[] is NULL terminated in the fake popen() and
43: run sendmail as the user, not as root.
44: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/012_cron.patch>
45: A source code patch exists which remedies this problem.</a>
46: <p>
47: <a name=miscfs></a>
48: <li><font color=#009000><strong>SECURITY FIX: Aug 12, 1999</strong></font><br>
49: The procfs and fdescfs filesystems had an overrun in their handling
50: of uio_offset in their readdir() routines. (These filesystems are not
51: enabled by default).
52: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/011_miscfs.patch>
53: A source code patch exists which remedies this problem.</a>
54: <p>
55: <a name=profil></a>
56: <li><font color=#009000><strong>SECURITY FIX: Aug 9, 1999</strong></font><br>
57: Stop profiling (see profil(2)) when we execve() a new process.
58: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/010_profil.patch>
59: A source code patch exists which remedies this problem.</a>
60: <p>
61: <a name=ipsec_in_use></a>
62: <li><font color=#009000><strong>SECURITY FIX: Aug 6, 1999</strong></font><br>
63: Packets that should have been handled by IPsec may be transmitted
64: as cleartext. PF_KEY SA expirations may leak kernel resources.
65: <a
66: href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/009_ipsec_in_use.patch>
67: A source code patch exists which remedies this problem.</a>
68: <p>
69: <a name=rc></a>
70: <li><font color=#009000><strong>SECURITY FIX: Aug 5, 1999</strong></font><br>
71: In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
72: to use -execdir.
73: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/008_rc.patch>
74: A source code patch exists which remedies this problem.</a>
75: <p>
76: <a name=chflags></a>
77: <li><font color=#009000><strong>SECURITY FIX: Jul 30, 1999</strong></font><br>
78: Do not permit regular users to chflags(2) or fchflags(2) on character or
79: block devices which they may currently be the owner of.
80: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/007_chflags.patch>
81: A source code patch exists which remedies this problem.</a>
82: <p>
83: <a name=nroff></a>
84: <li><font color=#009000><strong>SECURITY FIX: Jul 27, 1999</strong></font><br>
85: Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
86: to avoid various groff features which may be security issues. On the
87: whole, this is not really a security issue, but it was discussed on
88: BUGTRAQ as if it is.
89: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/006_nroff.patch>
90: A source code patch exists which remedies this problem.</a>
91: <p>
92: <a name=fts></a>
93: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
94: Programs using fts(3) could dump core when given a directory structure
95: with a very large number of entries.
96: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/005_fts.patch>
97: A source code patch exists which remedies this problem.</a>
98: <p>
99: <a name=tcpsack></a>
100: <li><font color=#009000><strong>RELIABILITY FIX: May 19, 1999</strong></font><br>
101: Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
102: failure to retransmit correctly.
103: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/004_tcpsack.patch>
104: A source code patch exists which remedies this problem.</a>
105: <p>
106: <a name=ipsec1></a>
107: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
108: Retransmitted TCP packets could get corrupted when flowing over an
109: IPSEC ESP tunnel.
110: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/003_espdata.patch>
111: A source code patch exists which remedies this problem.</a>
112: <p>
113: <a name=bmap></a>
114: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
115: A local user can crash the system by reading a file larger than 64meg
116: from an ext2fs partition.
117: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/002_bmap.patch>
118: A source code patch exists which remedies this problem.</a>
119: <p>
120: <a name=pfkey></a>
121: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
122: PF_KEY socket operations leak internal kernel resources, so that a
123: system running an IPsec keymanagement daemon like photurisd or isakmpd
124: will cause the networking subsystem to stop working after a finite amount
125: of time.
126: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/001_pfkey.patch>
127: A source code patch exists which remedies this problem.</a>
128: </ul>
129: <p>
130: <a name=i386></a>
131: <li><h3><font color=#e00000>i386</font></h3>
1.5 ! deraadt 132: <ul>
1.3 deraadt 133: <a name=y2k></a>
134: <li><font color=#009000><strong>Y2K FIX: Aug 30, 1999</strong></font><br>
135: This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
136: release (released at 1 Dec 1999) has this problem solved. This patch is
137: just a workaround.
138: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/014_y2k.patch>
139: A source code patch exists which remedies this problem.</a>
140: <p>
1.2 deraadt 141: <a name=brooktree></a>
142: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
143: If a user opened the brooktree device on a system where it did not exist,
144: the kernel crashed.
145: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/013_brooktree.patch>
146: A source code patch exists which remedies this problem.</a>
147: <p>
1.1 deraadt 148: </ul>
149: <a name=mac68k></a>
150: <li><h3><font color=#e00000>mac68k</font></h3>
151: <ul>
152: <a name=macutils></a>
153: <li><font color=#009000><strong>INSTALL PROBLEM</strong></font><br>
154: The mac68k install utils were mistakenly left off the CD and out of
155: the FTP install directories. These tools have now been added to the
156: FTP install directories. See
157: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils>
158: ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils</a>
159: <p>
160: </ul>
161: <p>
162: <a name=sparc></a>
163: <li><h3><font color=#e00000>sparc</font></h3>
164: <ul>
165: <li>No problems identified yet.
166: </ul>
167: <p>
168: <a name=amiga></a>
169: <li><h3><font color=#e00000>amiga</font></h3>
170: <ul>
171: <li>No problems identified yet.
172: </ul>
173: <p>
174: <a name=pmax></a>
175: <li><h3><font color=#e00000>pmax</font></h3>
176: <ul>
177: <li>No problems identified yet.
178: </ul>
179: <p>
180: <a name=arc></a>
181: <li><h3><font color=#e00000>arc</font></h3>
182: <ul>
183: <li>No problems identified yet.
184: </ul>
185: <p>
186: <a name=alpha></a>
187: <li><h3><font color=#e00000>alpha</font></h3>
188: <ul>
189: <li>No problems identified yet.
190: </ul>
191: <p>
192: <a name=hp300></a>
193: <li><h3><font color=#e00000>hp300</font></h3>
194: <ul>
195: <li>No problems identified yet.
196: </ul>
197: <p>
198: <a name=mvme68k></a>
199: <li><h3><font color=#e00000>mvme68k</font></h3>
200: <ul>
201: <li>No problems identified yet.
202: </ul>
203: <p>
204: <a name=powerpc></a>
205: <li><h3><font color=#e00000>powerpc</font></h3>
206: <ul>
207: <a name=powerpc_trap></a>
208: <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
209: Two problems in the powerpc kernel trap handling cause severe system
210: unreliability.
211: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.5/powerpc/001_trap.patch>
212: A source code patch exists which remedies these problems.</a>
213: <p>
214: </ul>
215:
216: </dl>
217: <br>
218:
219: <hr>
220: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
221: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
222: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
223: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.4 deraadt 224: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
225: <a href=errata.html>For 2.7 errata, please refer here</a>.<br>
1.1 deraadt 226: <hr>
227:
228: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
229: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.5 ! deraadt 230: <br><small>$OpenBSD: errata25.html,v 1.4 2000/05/19 20:04:53 deraadt Exp $</small>
1.1 deraadt 231:
232: </body>
233: </html>