www/errata26.html - diff

Return to errata26.html CVS log

Up to [local] / www

Diff for /www/errata26.html between version 1.57 and 1.58

-version 1.57, 2014/03/31 03:36:54
+version 1.58, 2014/03/31 04:11:40
 Line 142
 Line 142
 Line 142
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="fortran"></a>
+ <font color="#009000"><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font> &nbsp; <i>All architectures</i><br>
+ Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
+ release.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
+ A source code patch exists which remedies this problem.</a>
+ The patch fixes the source tree and describes how to properly add
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
+ the include file</a> to your system.
+ <p>
+ <li><a name="sslUSA"></a>
+ <font color="#009000"><strong>016: SECURITY FIX: Dec 2, 1999</strong></font> &nbsp; <i>All architectures</i><br>
+ A buffer overflow in the RSAREF code included in the
+ USA version of the libssl package (called <strong>sslUSA</strong>, is
+ possibly exploitable in isakmpd if SSL/RSA features
+ are enabled or used.<br>
+ <a href="http://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not
+ vulnerable.<br>
+ <strong>NOTE: International users using the ssl26 package are not affected.</strong>
+ <p>
+ To check what package you are using, use
+ <pre>
+ <b>#</b> pkg_info sslUSA26
+ </pre>
+ The patched library says:<br>
+ "ssl26.1 USA-only non-commercial crypto libs incl. SSL &amp; RSA"
+ <p>
+ Non-commercial USA users who installed the ssl package before December 3
+ should upgrade their <strong>sslUSA26</strong> package using:<br>
+ <pre>
+ <b>#</b> pkg_delete sslUSA26
+ <b>#</b> pkg_add -v sslUSA26.tar.gz
+ </pre>
+ Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed
+ on the FTP mirrors.<br>
+ <a href=advisories/sslUSA>For more information, see the advisory</a>.<br>
+ <strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong>
+ <p>
  <li><a name="aty2k"></a>
  <font color="#009000"><strong>015: Y2K FIX: Jan 9, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The at(1) command was unable to parse some kinds of dates.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="eepromy2k"></a>
+ <font color="#009000"><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br>
+ A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
+ A source code patch exists which remedies this problem.</a>
+ This is the second revision of the patch.
+ <p>
  <li><a name="addusery2k"></a>
  <font color="#009000"><strong>013: Y2K FIX: Jan 3, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A minor problem in the logging support for the adduser(8) command.<br>
-Line 181
+Line 226
 Line 181
 Line 226
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br>
  Revision 1 of this jumbo source code patch exists.</a><br>
  <p>
- <li><a name="sslUSA"></a>
+ <li><a name="hp300_locore"></a>
- <font color="#009000"><strong>016: SECURITY FIX: Dec 2, 1999</strong></font> &nbsp; <i>All architectures</i><br>
+ <font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font> &nbsp; <i>m68k architectures</i><br>
- A buffer overflow in the RSAREF code included in the
+ All m68k kernels can possibly be crashed by a user.<br>
- USA version of the libssl package (called <strong>sslUSA</strong>, is
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
- possibly exploitable in isakmpd if SSL/RSA features
+ A source code patch exists which remedies this problem.</a>
- are enabled or used.<br>
- <a href="http://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not
- vulnerable.<br>
- <strong>NOTE: International users using the ssl26 package are not affected.</strong>
  <p>
- To check what package you are using, use
+ <li><a name="alpha_locore"></a>
- <pre>
+ <font color="#009000"><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font> &nbsp; <i>alpha only</i><br>
- <b>#</b> pkg_info sslUSA26
+ The alpha kernel can possibly be crashed by a user.<br>
- </pre>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
- The patched library says:<br>
- "ssl26.1 USA-only non-commercial crypto libs incl. SSL &amp; RSA"
- <p>
- Non-commercial USA users who installed the ssl package before December 3
- should upgrade their <strong>sslUSA26</strong> package using:<br>
- <pre>
- <b>#</b> pkg_delete sslUSA26
- <b>#</b> pkg_add -v sslUSA26.tar.gz
- </pre>
- Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed
- on the FTP mirrors.<br>
- <a href=advisories/sslUSA>For more information, see the advisory</a>.<br>
- <strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong>
- <p>
- <li><a name="fortran"></a>
- <font color="#009000"><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font> &nbsp; <i>All architectures</i><br>
- Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
- release.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
  A source code patch exists which remedies this problem.</a>
- The patch fixes the source tree and describes how to properly add
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
- the include file</a> to your system.
  <p>
  <li><a name="sshjumbo"></a>
  <font color="#009000"><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font> &nbsp; <i>All architectures</i><br>
-Line 228
+Line 247
 Line 228
 Line 247
  Revision 4 of this jumbo source code patch exists.</a><br>
  <strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong>
  <p>
+ <li><a name="sparc_locore"></a>
+ <font color="#009000"><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font> &nbsp; <i>sparc only</i><br>
+ The sparc kernel can be crashed by a user.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="m4"></a>
  <font color="#009000"><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font> &nbsp; <i>All architectures</i><br>
  m4 is quite broken in the 2.6 release.<br>
-Line 245
+Line 270
 Line 245
 Line 270
  <font color="#009000"><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font> &nbsp; <i>All architectures</i><br>
  A race condition in newsyslog(8) can cause errors in log file rotation.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="mac68k"></a>
- <h3><font color="#e00000">mac68k</font></h3>
- <ul>
- <li><a name="m68k_locore"></a>
- <a name="mac68k_locore"></a>
- <font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="sparc"></a>
- <h3><font color="#e00000">sparc</font></h3>
- <ul>
- <li><a name="eepromy2k"></a>
- <font color="#009000"><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br>
- A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
- A source code patch exists which remedies this problem.</a>
- This is the second revision of the patch.
- <p>
- <li><a name="sparc_locore"></a>
- <font color="#009000"><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- The sparc kernel can be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="amiga"></a>
- <h3><font color="#e00000">amiga</font></h3>
- <ul>
- <li><a name="amiga_locore"></a>
- <font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="alpha"></a>
- <h3><font color="#e00000">alpha</font></h3>
- <ul>
- <li><a name="alpha_locore"></a>
- <font color="#009000"><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font><br>
- The alpha kernel can possibly be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="hp300"></a>
- <h3><font color="#e00000">hp300</font></h3>
- <ul>
- <li><a name="hp300_locore"></a>
- <font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- </ul>
- <p>
- <a name="mvme68k"></a>
- <h3><font color="#e00000">mvme68k</font></h3>
- <ul>
- <li><a name="mvme68k_locore"></a>
- <font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>