===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -c -r1.85 -r1.86
*** www/errata26.html	2019/05/27 22:55:19	1.85
--- www/errata26.html	2019/05/28 16:32:41	1.86
***************
*** 84,173 ****
  <hr>
  
  <ul>
! <li id="semconfig">
! <strong>024: SECURITY FIX: May 26, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Kernel contained an undocumented system call used to lock semaphore operations
! while they were being sampled by the ipcs(1) command.  This locking could be
! used as a local denial of service attack which would block the exiting of
! processes which had semaphore resources allocated. Processes not using
! semaphores are not affected, so the actual effect is very minimal.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/024_sysv_sem.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="ipf">
! <strong>023: SECURITY FIX: May 25, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! A misuse of ipf(8)
! <i>keep-state</i> rules can result in firewall rules being
! bypassed.
! This patch also includes fixes for an unaligned timestamp issue,
! and reliability fixes for ipmon and the in-kernel ftp proxy.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/023_ipf.patch">
  A source code patch exists which remedies this problem.</a>
- It updates ipf to version 3.3.16.
  <p>
! <li id="xlockmore">
! <strong>022: SECURITY FIX: May 25, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! xlockmore has a localhost attack against it which allows recovery of the encrypted
! hash of the root password.  The damage to systems using DES passwords from this
! attack is pretty heavy, but to systems with a well-chosen root password under
! blowfish encoding
! (see <a href="https://man.openbsd.org/OpenBSD-2.6/crypt.3">
! crypt(3)</a>)
! the impact is much reduced.<br>
! (Aside:  We do not consider this a localhost root hole in the default install,
! since we have not seen a fast blowfish cracker yet ;-)<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/022_xlockmore.patch">
  A source code patch exists which remedies this problem.</a>
! This is the 2nd patch designed to solve this problem.
  <p>
! <li id="rzsz">
! <strong>021: RZSZ SNOOPING: Jan 31, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! The rzsz port was removed from the ports collection, as it collects and
! sends user information to a designated email address, effectively spying on
! you.  <em>It is recommended that you remove this package if you installed
! it</em>.
  <p>
! <li id="syslog">
! <strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
! would cause syslogd(8) to not see new messages.
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="nsphy">
! <strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
! negotiating and maintaining 100Mb link integrity.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="procfs">
! <strong>018: SECURITY FIX: Jan 20, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Systems running with procfs enabled and mounted are vulnerable
! to having the stderr output of setuid processes directed onto
! a pre-seeked descriptor onto the stack in their own procfs memory.<br>
! Note that procfs is not mounted by default in OpenBSD.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="fortran">
! <strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
! release.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
  A source code patch exists which remedies this problem.</a>
- The patch fixes the source tree and describes how to properly add
- <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
- the include file</a> to your system.
  <p>
  <li id="sslUSA">
  <strong>016: SECURITY FIX: Dec 2, 1999</strong>
  &nbsp; <i>All architectures</i><br>
--- 84,209 ----
  <hr>
  
  <ul>
! 
! <li id="newsyslog">
! <strong>001: RELIABILITY FIX: Nov 8, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! A race condition in newsyslog(8) can cause errors in log file rotation.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="ifmedia">
! <strong>002: SECURITY FIX: Nov 9, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Any user can change interface media configurations.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="m4">
! <strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! m4 is quite broken in the 2.6 release.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch">
  A source code patch exists which remedies this problem.</a>
! This is the 3rd revision of the patch.
  <p>
! 
! <li id="sparc_locore">
! <strong>004: RELIABILITY FIX: Nov 12, 1999</strong>
! &nbsp; <i>sparc only</i><br>
! The sparc kernel can be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
! A source code patch exists which remedies this problem.</a>
! <p>
! 
! <li id="sshjumbo">
! <strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
! To resolve the various (non-security related) features which users may want,
! we are making a jumbo patch available.  <b>This is now at VERSION FOUR.</b><br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch">
! Revision 4 of this jumbo source code patch exists.</a><br>
! <b>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</b>
  <p>
! 
! <li id="alpha_locore">
! <strong>006: RELIABILITY FIX: Nov 13, 1999</strong>
! &nbsp; <i>alpha only</i><br>
! The alpha kernel can possibly be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
! A source code patch exists which remedies this problem.</a>
! <p>
! 
! <li id="hp300_locore">
! <strong>007: RELIABILITY FIX: Nov 12, 1999</strong>
! &nbsp; <i>m68k architectures</i><br>
! All m68k kernels can possibly be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
! A source code patch exists which remedies this problem.</a>
! <p>
! 
! <li id="atapijumbo">
! <strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various improvements have been made to the IDE/ATAPI subsystem since
! the 2.6 release shipped.<br>
! Some of these improvements make some recalcitrant devices work much better.
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br>
! Revision 1 of this jumbo source code patch exists.</a><br>
! <p>
! 
! <li id="sendmail">
! <strong>010: SECURITY FIX: Dec 4, 1999</strong>
! &nbsp; <i>All architectures</i><br>
! Sendmail had a race in aliases file handling, which this patch fixes.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="poll">
! <strong>011: SECURITY FIX: Dec 4, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various bugs in poll(2) may cause a kernel crash.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="packets3c900b">
! <strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! The 3C900B-TPO fails to select the correct media type (it never sees or
! sends packets).<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="addusery2k">
! <strong>013: Y2K FIX: Jan 3, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! A minor problem in the logging support for the adduser(8) command.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ 
+ <li id="eepromy2k">
+ <strong>014: Y2K FIX: Jan 3, 2000</strong><br>
+ A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
+ <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
+ A source code patch exists which remedies this problem.</a>
+ This is the second revision of the patch.
+ <p>
+ 
+ <li id="aty2k">
+ <strong>015: Y2K FIX: Jan 9, 2000</strong>
+ &nbsp; <i>All architectures</i><br>
+ The at(1) command was unable to parse some kinds of dates.<br>
+ <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
+ 
  <li id="sslUSA">
  <strong>016: SECURITY FIX: Dec 2, 1999</strong>
  &nbsp; <i>All architectures</i><br>
***************
*** 197,305 ****
  <a href="advisories/sslUSA">For more information, see the advisory</a>.<br>
  <b>NOTE: this problem turned out to not be unexploitable in OpenSSH.</b>
  <p>
! <li id="aty2k">
! <strong>015: Y2K FIX: Jan 9, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! The at(1) command was unable to parse some kinds of dates.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="eepromy2k">
! <strong>014: Y2K FIX: Jan 3, 2000</strong><br>
! A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
! A source code patch exists which remedies this problem.</a>
! This is the second revision of the patch.
! <p>
! <li id="addusery2k">
! <strong>013: Y2K FIX: Jan 3, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! A minor problem in the logging support for the adduser(8) command.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="packets3c900b">
! <strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! The 3C900B-TPO fails to select the correct media type (it never sees or
! sends packets).<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="poll">
! <strong>011: SECURITY FIX: Dec 4, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various bugs in poll(2) may cause a kernel crash.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="sendmail">
! <strong>010: SECURITY FIX: Dec 4, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Sendmail had a race in aliases file handling, which this patch fixes.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch">
! A source code patch exists which remedies this problem.</a>
  <p>
! <li id="atapijumbo">
! <strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various improvements have been made to the IDE/ATAPI subsystem since
! the 2.6 release shipped.<br>
! Some of these improvements make some recalcitrant devices work much better.
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br>
! Revision 1 of this jumbo source code patch exists.</a><br>
! <p>
! <li id="hp300_locore">
! <strong>007: RELIABILITY FIX: Nov 12, 1999</strong>
! &nbsp; <i>m68k architectures</i><br>
! All m68k kernels can possibly be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="alpha_locore">
! <strong>006: RELIABILITY FIX: Nov 13, 1999</strong>
! &nbsp; <i>alpha only</i><br>
! The alpha kernel can possibly be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
! A source code patch exists which remedies this problem.</a>
! <p>
! <li id="sshjumbo">
! <strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
! To resolve the various (non-security related) features which users may want,
! we are making a jumbo patch available.  <b>This is now at VERSION FOUR.</b><br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch">
! Revision 4 of this jumbo source code patch exists.</a><br>
! <b>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</b>
! <p>
! <li id="sparc_locore">
! <strong>004: RELIABILITY FIX: Nov 12, 1999</strong>
! &nbsp; <i>sparc only</i><br>
! The sparc kernel can be crashed by a user.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li id="m4">
! <strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! m4 is quite broken in the 2.6 release.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch">
! A source code patch exists which remedies this problem.</a>
! This is the 3rd revision of the patch.
! <p>
! <li id="ifmedia">
! <strong>002: SECURITY FIX: Nov 9, 1999</strong>
! &nbsp; <i>All architectures</i><br>
! Any user can change interface media configurations.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch">
! A source code patch exists which remedies this problem.</a>
! <p>
! <li id="newsyslog">
! <strong>001: RELIABILITY FIX: Nov 8, 1999</strong>
! &nbsp; <i>All architectures</i><br>
! A race condition in newsyslog(8) can cause errors in log file rotation.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 233,328 ----
  <a href="advisories/sslUSA">For more information, see the advisory</a>.<br>
  <b>NOTE: this problem turned out to not be unexploitable in OpenSSH.</b>
  <p>
! 
! <li id="fortran">
! <strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong>
  &nbsp; <i>All architectures</i><br>
! Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
! release.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
  A source code patch exists which remedies this problem.</a>
+ The patch fixes the source tree and describes how to properly add
+ <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
+ the include file</a> to your system.
  <p>
! 
! <li id="procfs">
! <strong>018: SECURITY FIX: Jan 20, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Systems running with procfs enabled and mounted are vulnerable
! to having the stderr output of setuid processes directed onto
! a pre-seeked descriptor onto the stack in their own procfs memory.<br>
! Note that procfs is not mounted by default in OpenBSD.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="syslog">
! <strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
! would cause syslogd(8) to not see new messages.
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="nsphy">
! <strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
! negotiating and maintaining 100Mb link integrity.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! 
! <li id="rzsz">
! <strong>021: RZSZ SNOOPING: Jan 31, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! The rzsz port was removed from the ports collection, as it collects and
! sends user information to a designated email address, effectively spying on
! you.  <em>It is recommended that you remove this package if you installed
! it</em>.
  <p>
! 
! <li id="xlockmore">
! <strong>022: SECURITY FIX: May 25, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! xlockmore has a localhost attack against it which allows recovery of the encrypted
! hash of the root password.  The damage to systems using DES passwords from this
! attack is pretty heavy, but to systems with a well-chosen root password under
! blowfish encoding
! (see <a href="https://man.openbsd.org/OpenBSD-2.6/crypt.3">
! crypt(3)</a>)
! the impact is much reduced.<br>
! (Aside:  We do not consider this a localhost root hole in the default install,
! since we have not seen a fast blowfish cracker yet ;-)<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/022_xlockmore.patch">
  A source code patch exists which remedies this problem.</a>
+ This is the 2nd patch designed to solve this problem.
  <p>
! 
! <li id="ipf">
! <strong>023: SECURITY FIX: May 25, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! A misuse of ipf(8)
! <i>keep-state</i> rules can result in firewall rules being
! bypassed.
! This patch also includes fixes for an unaligned timestamp issue,
! and reliability fixes for ipmon and the in-kernel ftp proxy.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/023_ipf.patch">
  A source code patch exists which remedies this problem.</a>
+ It updates ipf to version 3.3.16.
  <p>
! 
! <li id="semconfig">
! <strong>024: SECURITY FIX: May 26, 2000</strong>
  &nbsp; <i>All architectures</i><br>
! Kernel contained an undocumented system call used to lock semaphore operations
! while they were being sampled by the ipcs(1) command.  This locking could be
! used as a local denial of service attack which would block the exiting of
! processes which had semaphore resources allocated. Processes not using
! semaphores are not affected, so the actual effect is very minimal.<br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/024_sysv_sem.patch">
  A source code patch exists which remedies this problem.</a>
  <p>