OpenBSD 2.6 Errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v retrieving revision 1.84 retrieving revision 1.85 diff -c -r1.84 -r1.85 *** www/errata26.html 2019/04/02 12:46:56 1.84 --- www/errata26.html 2019/05/27 22:55:19 1.85 *************** *** 1,25 **** ! ! ! OpenBSD 2.6 Errata - - - !

! OpenBSD ! 2.6 Errata

--- 1,23 ---- ! ! ! ! OpenBSD 2.6 Errata !

! OpenBSD ! 2.6 Errata

*************** *** 87,93 ****

! 024: SECURITY FIX: May 26, 2000 All architectures
Kernel contained an undocumented system call used to lock semaphore operations while they were being sampled by the ipcs(1) command. This locking could be --- 85,91 ----

! 024: SECURITY FIX: May 26, 2000 All architectures
Kernel contained an undocumented system call used to lock semaphore operations while they were being sampled by the ipcs(1) command. This locking could be *************** *** 98,104 **** A source code patch exists which remedies this problem.
! 023: SECURITY FIX: May 25, 2000 All architectures
A misuse of ipf(8) keep-state rules can result in firewall rules being --- 96,102 ---- A source code patch exists which remedies this problem.
! 023: SECURITY FIX: May 25, 2000 All architectures
A misuse of ipf(8) keep-state rules can result in firewall rules being *************** *** 110,116 **** It updates ipf to version 3.3.16.
! 022: SECURITY FIX: May 25, 2000 All architectures
xlockmore has a localhost attack against it which allows recovery of the encrypted hash of the root password. The damage to systems using DES passwords from this --- 108,114 ---- It updates ipf to version 3.3.16.
! 022: SECURITY FIX: May 25, 2000 All architectures
xlockmore has a localhost attack against it which allows recovery of the encrypted hash of the root password. The damage to systems using DES passwords from this *************** *** 126,132 **** This is the 2nd patch designed to solve this problem.
! 021: RZSZ SNOOPING: Jan 31, 2000 All architectures
The rzsz port was removed from the ports collection, as it collects and sends user information to a designated email address, effectively spying on --- 124,130 ---- This is the 2nd patch designed to solve this problem.
! 021: RZSZ SNOOPING: Jan 31, 2000 All architectures
The rzsz port was removed from the ports collection, as it collects and sends user information to a designated email address, effectively spying on *************** *** 134,140 **** it.
! 020: LIBRARY IMPROVEMENT: Jan 26, 2000 All architectures
syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8) would cause syslogd(8) to not see new messages. --- 132,138 ---- it.
! 020: LIBRARY IMPROVEMENT: Jan 26, 2000 All architectures
syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8) would cause syslogd(8) to not see new messages. *************** *** 142,148 **** A source code patch exists which remedies this problem.
! 019: DRIVER IMPROVEMENT: Jan 20, 2000 All architectures
Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble negotiating and maintaining 100Mb link integrity.
--- 140,146 ---- A source code patch exists which remedies this problem.
! 019: DRIVER IMPROVEMENT: Jan 20, 2000 All architectures
Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble negotiating and maintaining 100Mb link integrity.
*************** *** 150,156 **** A source code patch exists which remedies this problem.
! 018: SECURITY FIX: Jan 20, 2000 All architectures
Systems running with procfs enabled and mounted are vulnerable to having the stderr output of setuid processes directed onto --- 148,154 ---- A source code patch exists which remedies this problem.
! 018: SECURITY FIX: Jan 20, 2000 All architectures
Systems running with procfs enabled and mounted are vulnerable to having the stderr output of setuid processes directed onto *************** *** 160,166 **** A source code patch exists which remedies this problem.
! 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the release.
--- 158,164 ---- A source code patch exists which remedies this problem.
! 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the release.
*************** *** 171,185 **** the include file to your system.

! 016: SECURITY FIX: Dec 2, 1999 All architectures
A buffer overflow in the RSAREF code included in the ! USA version of the libssl package (called sslUSA, is possibly exploitable in isakmpd if SSL/RSA features are enabled or used.
OpenSSH and httpd (with -DSSL) are not vulnerable.
! NOTE: International users using the ssl26 package are not affected.

To check what package you are using, use

--- 169,183 ----
  the include file to your system.
  
  

! 016: SECURITY FIX: Dec 2, 1999
    All architectures

  A buffer overflow in the RSAREF code included in the
! USA version of the libssl package (called sslUSA, is
  possibly exploitable in isakmpd if SSL/RSA features
  are enabled or used.

  OpenSSH and httpd (with -DSSL) are not
  vulnerable.

! NOTE: International users using the ssl26 package are not affected.
  
  To check what package you are using, use
  
***************
*** 189,227 ****
  "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
  
  Non-commercial USA users who installed the ssl package before December 3
! should upgrade their sslUSA26 package using:

  
  # pkg_delete sslUSA26
  # pkg_add -v sslUSA26.tar.gz
  
! Using the new sslUSA26.tar.gz files which have been placed
  on the FTP mirrors.

  For more information, see the advisory.

! NOTE: this problem turned out to not be unexploitable in OpenSSH.
  
  

! 015: Y2K FIX: Jan 9, 2000
    All architectures

  The at(1) command was unable to parse some kinds of dates.

  
  A source code patch exists which remedies this problem.
  
  

! 014: Y2K FIX: Jan 3, 2000

  A minor problem; the sparc eeprom(8) command is not Y2K compliant.

  
  A source code patch exists which remedies this problem.
  This is the second revision of the patch.
  
  

! 013: Y2K FIX: Jan 3, 2000
    All architectures

  A minor problem in the logging support for the adduser(8) command.

  
  A source code patch exists which remedies this problem.
  
  

! 012: DRIVER IMPROVEMENT: Jan 3, 2000
    All architectures

  The 3C900B-TPO fails to select the correct media type (it never sees or
  sends packets).

--- 187,225 ----
  "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
  
  Non-commercial USA users who installed the ssl package before December 3
! should upgrade their sslUSA26 package using:

  
  # pkg_delete sslUSA26
  # pkg_add -v sslUSA26.tar.gz
  
! Using the new sslUSA26.tar.gz files which have been placed
  on the FTP mirrors.

  For more information, see the advisory.

! NOTE: this problem turned out to not be unexploitable in OpenSSH.
  
  

! 015: Y2K FIX: Jan 9, 2000
    All architectures

  The at(1) command was unable to parse some kinds of dates.

  
  A source code patch exists which remedies this problem.
  
  

! 014: Y2K FIX: Jan 3, 2000

  A minor problem; the sparc eeprom(8) command is not Y2K compliant.

  
  A source code patch exists which remedies this problem.
  This is the second revision of the patch.
  
  

! 013: Y2K FIX: Jan 3, 2000
    All architectures

  A minor problem in the logging support for the adduser(8) command.

  
  A source code patch exists which remedies this problem.
  
  

! 012: DRIVER IMPROVEMENT: Jan 3, 2000
    All architectures

  The 3C900B-TPO fails to select the correct media type (it never sees or
  sends packets).

***************
*** 229,249 ****
  A source code patch exists which remedies this problem.
  
  

! 011: SECURITY FIX: Dec 4, 1999
    All architectures

  Various bugs in poll(2) may cause a kernel crash.

  
  A source code patch exists which remedies this problem.
  
  

! 010: SECURITY FIX: Dec 4, 1999
    All architectures

  Sendmail had a race in aliases file handling, which this patch fixes.

  
  A source code patch exists which remedies this problem.
  
  

! 009: DRIVER IMPROVEMENTS: Dec 4, 1999
    All architectures

  Various improvements have been made to the IDE/ATAPI subsystem since
  the 2.6 release shipped.

--- 227,247 ----
  A source code patch exists which remedies this problem.
  
  

! 011: SECURITY FIX: Dec 4, 1999
    All architectures

  Various bugs in poll(2) may cause a kernel crash.

  
  A source code patch exists which remedies this problem.
  
  

! 010: SECURITY FIX: Dec 4, 1999
    All architectures

  Sendmail had a race in aliases file handling, which this patch fixes.

  
  A source code patch exists which remedies this problem.
  
  

! 009: DRIVER IMPROVEMENTS: Dec 4, 1999
    All architectures

  Various improvements have been made to the IDE/ATAPI subsystem since
  the 2.6 release shipped.

***************
*** 252,289 ****
  Revision 1 of this jumbo source code patch exists.

  
  

! 007: RELIABILITY FIX: Nov 12, 1999
    m68k architectures

  All m68k kernels can possibly be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 006: RELIABILITY FIX: Nov 13, 1999
    alpha only

  The alpha kernel can possibly be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 005: FUNCTIONALITY ADDITION: Nov 11, 1999
    All architectures

  Various OpenSSH improvements have been made since the 2.6 release shipped.

  To resolve the various (non-security related) features which users may want,
! we are making a jumbo patch available.  This is now at VERSION FOUR.

  
  Revision 4 of this jumbo source code patch exists.

! NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
  
  

! 004: RELIABILITY FIX: Nov 12, 1999
    sparc only

  The sparc kernel can be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 003: FUNCTIONALITY FIX: Nov 10, 1999
    All architectures

  m4 is quite broken in the 2.6 release.

  
--- 250,287 ----
  Revision 1 of this jumbo source code patch exists.

  
  

! 007: RELIABILITY FIX: Nov 12, 1999
    m68k architectures

  All m68k kernels can possibly be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 006: RELIABILITY FIX: Nov 13, 1999
    alpha only

  The alpha kernel can possibly be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 005: FUNCTIONALITY ADDITION: Nov 11, 1999
    All architectures

  Various OpenSSH improvements have been made since the 2.6 release shipped.

  To resolve the various (non-security related) features which users may want,
! we are making a jumbo patch available.  This is now at VERSION FOUR.

  
  Revision 4 of this jumbo source code patch exists.

! NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
  
  

! 004: RELIABILITY FIX: Nov 12, 1999
    sparc only

  The sparc kernel can be crashed by a user.

  
  A source code patch exists which remedies this problem.
  
  

! 003: FUNCTIONALITY FIX: Nov 10, 1999
    All architectures

  m4 is quite broken in the 2.6 release.

  
***************
*** 291,304 ****
  This is the 3rd revision of the patch.
  
  

! 002: SECURITY FIX: Nov 9, 1999
    All architectures

  Any user can change interface media configurations.

  
  A source code patch exists which remedies this problem.
  
  

! 001: RELIABILITY FIX: Nov 8, 1999
    All architectures

  A race condition in newsyslog(8) can cause errors in log file rotation.

  
--- 289,302 ----
  This is the 3rd revision of the patch.
  
  

! 002: SECURITY FIX: Nov 9, 1999
    All architectures

  Any user can change interface media configurations.

  
  A source code patch exists which remedies this problem.
  
  

! 001: RELIABILITY FIX: Nov 8, 1999
    All architectures

  A race condition in newsyslog(8) can cause errors in log file rotation.

  
***************
*** 308,313 ****

- - - --- 306,308 ----