version 1.57, 2014/03/31 03:36:54 |
version 1.58, 2014/03/31 04:11:40 |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="fortran"></a> |
|
<font color="#009000"><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font> <i>All architectures</i><br> |
|
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |
|
release.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
The patch fixes the source tree and describes how to properly add |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h"> |
|
the include file</a> to your system. |
|
<p> |
|
<li><a name="sslUSA"></a> |
|
<font color="#009000"><strong>016: SECURITY FIX: Dec 2, 1999</strong></font> <i>All architectures</i><br> |
|
A buffer overflow in the RSAREF code included in the |
|
USA version of the libssl package (called <strong>sslUSA</strong>, is |
|
possibly exploitable in isakmpd if SSL/RSA features |
|
are enabled or used.<br> |
|
<a href="http://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not |
|
vulnerable.<br> |
|
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
|
<p> |
|
To check what package you are using, use |
|
<pre> |
|
<b>#</b> pkg_info sslUSA26 |
|
</pre> |
|
The patched library says:<br> |
|
"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" |
|
<p> |
|
Non-commercial USA users who installed the ssl package before December 3 |
|
should upgrade their <strong>sslUSA26</strong> package using:<br> |
|
<pre> |
|
<b>#</b> pkg_delete sslUSA26 |
|
<b>#</b> pkg_add -v sslUSA26.tar.gz |
|
</pre> |
|
Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed |
|
on the FTP mirrors.<br> |
|
<a href=advisories/sslUSA>For more information, see the advisory</a>.<br> |
|
<strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong> |
|
<p> |
<li><a name="aty2k"></a> |
<li><a name="aty2k"></a> |
<font color="#009000"><strong>015: Y2K FIX: Jan 9, 2000</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>015: Y2K FIX: Jan 9, 2000</strong></font> <i>All architectures</i><br> |
The at(1) command was unable to parse some kinds of dates.<br> |
The at(1) command was unable to parse some kinds of dates.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="eepromy2k"></a> |
|
<font color="#009000"><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br> |
|
A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
This is the second revision of the patch. |
|
<p> |
<li><a name="addusery2k"></a> |
<li><a name="addusery2k"></a> |
<font color="#009000"><strong>013: Y2K FIX: Jan 3, 2000</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>013: Y2K FIX: Jan 3, 2000</strong></font> <i>All architectures</i><br> |
A minor problem in the logging support for the adduser(8) command.<br> |
A minor problem in the logging support for the adduser(8) command.<br> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br> |
Revision 1 of this jumbo source code patch exists.</a><br> |
Revision 1 of this jumbo source code patch exists.</a><br> |
<p> |
<p> |
<li><a name="sslUSA"></a> |
<li><a name="hp300_locore"></a> |
<font color="#009000"><strong>016: SECURITY FIX: Dec 2, 1999</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font> <i>m68k architectures</i><br> |
A buffer overflow in the RSAREF code included in the |
All m68k kernels can possibly be crashed by a user.<br> |
USA version of the libssl package (called <strong>sslUSA</strong>, is |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch"> |
possibly exploitable in isakmpd if SSL/RSA features |
A source code patch exists which remedies this problem.</a> |
are enabled or used.<br> |
|
<a href="http://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not |
|
vulnerable.<br> |
|
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
|
<p> |
<p> |
To check what package you are using, use |
<li><a name="alpha_locore"></a> |
<pre> |
<font color="#009000"><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font> <i>alpha only</i><br> |
<b>#</b> pkg_info sslUSA26 |
The alpha kernel can possibly be crashed by a user.<br> |
</pre> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch"> |
The patched library says:<br> |
|
"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" |
|
<p> |
|
Non-commercial USA users who installed the ssl package before December 3 |
|
should upgrade their <strong>sslUSA26</strong> package using:<br> |
|
<pre> |
|
<b>#</b> pkg_delete sslUSA26 |
|
<b>#</b> pkg_add -v sslUSA26.tar.gz |
|
</pre> |
|
Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed |
|
on the FTP mirrors.<br> |
|
<a href=advisories/sslUSA>For more information, see the advisory</a>.<br> |
|
<strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong> |
|
<p> |
|
<li><a name="fortran"></a> |
|
<font color="#009000"><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font> <i>All architectures</i><br> |
|
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |
|
release.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch"> |
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
The patch fixes the source tree and describes how to properly add |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h"> |
|
the include file</a> to your system. |
|
<p> |
<p> |
<li><a name="sshjumbo"></a> |
<li><a name="sshjumbo"></a> |
<font color="#009000"><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font> <i>All architectures</i><br> |
|
|
Revision 4 of this jumbo source code patch exists.</a><br> |
Revision 4 of this jumbo source code patch exists.</a><br> |
<strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong> |
<strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong> |
<p> |
<p> |
|
<li><a name="sparc_locore"></a> |
|
<font color="#009000"><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font> <i>sparc only</i><br> |
|
The sparc kernel can be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
<li><a name="m4"></a> |
<li><a name="m4"></a> |
<font color="#009000"><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font> <i>All architectures</i><br> |
m4 is quite broken in the 2.6 release.<br> |
m4 is quite broken in the 2.6 release.<br> |
|
|
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font> <i>All architectures</i><br> |
A race condition in newsyslog(8) can cause errors in log file rotation.<br> |
A race condition in newsyslog(8) can cause errors in log file rotation.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch"> |
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="mac68k"></a> |
|
<h3><font color="#e00000">mac68k</font></h3> |
|
<ul> |
|
<li><a name="m68k_locore"></a> |
|
<a name="mac68k_locore"></a> |
|
<font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br> |
|
All m68k kernels can possibly be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="sparc"></a> |
|
<h3><font color="#e00000">sparc</font></h3> |
|
<ul> |
|
<li><a name="eepromy2k"></a> |
|
<font color="#009000"><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br> |
|
A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
This is the second revision of the patch. |
|
<p> |
|
<li><a name="sparc_locore"></a> |
|
<font color="#009000"><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font><br> |
|
The sparc kernel can be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="amiga"></a> |
|
<h3><font color="#e00000">amiga</font></h3> |
|
<ul> |
|
<li><a name="amiga_locore"></a> |
|
<font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br> |
|
All m68k kernels can possibly be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="alpha"></a> |
|
<h3><font color="#e00000">alpha</font></h3> |
|
<ul> |
|
<li><a name="alpha_locore"></a> |
|
<font color="#009000"><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font><br> |
|
The alpha kernel can possibly be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="hp300"></a> |
|
<h3><font color="#e00000">hp300</font></h3> |
|
<ul> |
|
<li><a name="hp300_locore"></a> |
|
<font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br> |
|
All m68k kernels can possibly be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
</ul> |
|
<p> |
|
<a name="mvme68k"></a> |
|
<h3><font color="#e00000">mvme68k</font></h3> |
|
<ul> |
|
<li><a name="mvme68k_locore"></a> |
|
<font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br> |
|
All m68k kernels can possibly be crashed by a user.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch"> |
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
</ul> |
</ul> |