OpenBSD 2.6 Errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- www/errata26.html 2019/04/02 12:46:56 1.84 +++ www/errata26.html 2019/05/27 22:55:19 1.85 @@ -1,25 +1,23 @@ - - - + + + + OpenBSD 2.6 Errata - - - -

+

-OpenBSD -2.6 Errata +OpenBSD +2.6 Errata

@@ -87,7 +85,7 @@

-024: SECURITY FIX: May 26, 2000 +024: SECURITY FIX: May 26, 2000 All architectures
Kernel contained an undocumented system call used to lock semaphore operations while they were being sampled by the ipcs(1) command. This locking could be @@ -98,7 +96,7 @@ A source code patch exists which remedies this problem.
-023: SECURITY FIX: May 25, 2000 +023: SECURITY FIX: May 25, 2000 All architectures
A misuse of ipf(8) keep-state rules can result in firewall rules being @@ -110,7 +108,7 @@ It updates ipf to version 3.3.16.
-022: SECURITY FIX: May 25, 2000 +022: SECURITY FIX: May 25, 2000 All architectures
xlockmore has a localhost attack against it which allows recovery of the encrypted hash of the root password. The damage to systems using DES passwords from this @@ -126,7 +124,7 @@ This is the 2nd patch designed to solve this problem.
-021: RZSZ SNOOPING: Jan 31, 2000 +021: RZSZ SNOOPING: Jan 31, 2000 All architectures
The rzsz port was removed from the ports collection, as it collects and sends user information to a designated email address, effectively spying on @@ -134,7 +132,7 @@ it.
-020: LIBRARY IMPROVEMENT: Jan 26, 2000 +020: LIBRARY IMPROVEMENT: Jan 26, 2000 All architectures
syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8) would cause syslogd(8) to not see new messages. @@ -142,7 +140,7 @@ A source code patch exists which remedies this problem.
-019: DRIVER IMPROVEMENT: Jan 20, 2000 +019: DRIVER IMPROVEMENT: Jan 20, 2000 All architectures
Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble negotiating and maintaining 100Mb link integrity.
@@ -150,7 +148,7 @@ A source code patch exists which remedies this problem.
-018: SECURITY FIX: Jan 20, 2000 +018: SECURITY FIX: Jan 20, 2000 All architectures
Systems running with procfs enabled and mounted are vulnerable to having the stderr output of setuid processes directed onto @@ -160,7 +158,7 @@ A source code patch exists which remedies this problem.
-017: FUNCTIONALITY ADDITION: Nov 14, 1999 +017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the release.
@@ -171,15 +169,15 @@ the include file to your system.

-016: SECURITY FIX: Dec 2, 1999 +016: SECURITY FIX: Dec 2, 1999 All architectures
A buffer overflow in the RSAREF code included in the -USA version of the libssl package (called sslUSA, is +USA version of the libssl package (called sslUSA, is possibly exploitable in isakmpd if SSL/RSA features are enabled or used.
OpenSSH and httpd (with -DSSL) are not vulnerable.
-NOTE: International users using the ssl26 package are not affected. +NOTE: International users using the ssl26 package are not affected.

To check what package you are using, use

@@ -189,39 +187,39 @@
 "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
 
 Non-commercial USA users who installed the ssl package before December 3
-should upgrade their sslUSA26 package using:

+should upgrade their sslUSA26 package using:

 
 # pkg_delete sslUSA26
 # pkg_add -v sslUSA26.tar.gz
 
-Using the new sslUSA26.tar.gz files which have been placed
+Using the new sslUSA26.tar.gz files which have been placed
 on the FTP mirrors.

 For more information, see the advisory.

-NOTE: this problem turned out to not be unexploitable in OpenSSH.
+NOTE: this problem turned out to not be unexploitable in OpenSSH.
 
 

-015: Y2K FIX: Jan 9, 2000
+015: Y2K FIX: Jan 9, 2000
   All architectures

 The at(1) command was unable to parse some kinds of dates.

 
 A source code patch exists which remedies this problem.
 
 

-014: Y2K FIX: Jan 3, 2000

+014: Y2K FIX: Jan 3, 2000

 A minor problem; the sparc eeprom(8) command is not Y2K compliant.

 
 A source code patch exists which remedies this problem.
 This is the second revision of the patch.
 
 

-013: Y2K FIX: Jan 3, 2000
+013: Y2K FIX: Jan 3, 2000
   All architectures

 A minor problem in the logging support for the adduser(8) command.

 
 A source code patch exists which remedies this problem.
 
 

-012: DRIVER IMPROVEMENT: Jan 3, 2000
+012: DRIVER IMPROVEMENT: Jan 3, 2000
   All architectures

 The 3C900B-TPO fails to select the correct media type (it never sees or
 sends packets).

@@ -229,21 +227,21 @@
 A source code patch exists which remedies this problem.
 
 

-011: SECURITY FIX: Dec 4, 1999
+011: SECURITY FIX: Dec 4, 1999
   All architectures

 Various bugs in poll(2) may cause a kernel crash.

 
 A source code patch exists which remedies this problem.
 
 

-010: SECURITY FIX: Dec 4, 1999
+010: SECURITY FIX: Dec 4, 1999
   All architectures

 Sendmail had a race in aliases file handling, which this patch fixes.

 
 A source code patch exists which remedies this problem.
 
 

-009: DRIVER IMPROVEMENTS: Dec 4, 1999
+009: DRIVER IMPROVEMENTS: Dec 4, 1999
   All architectures

 Various improvements have been made to the IDE/ATAPI subsystem since
 the 2.6 release shipped.

@@ -252,38 +250,38 @@
 Revision 1 of this jumbo source code patch exists.

 
 

-007: RELIABILITY FIX: Nov 12, 1999
+007: RELIABILITY FIX: Nov 12, 1999
   m68k architectures

 All m68k kernels can possibly be crashed by a user.

 
 A source code patch exists which remedies this problem.
 
 

-006: RELIABILITY FIX: Nov 13, 1999
+006: RELIABILITY FIX: Nov 13, 1999
   alpha only

 The alpha kernel can possibly be crashed by a user.

 
 A source code patch exists which remedies this problem.
 
 

-005: FUNCTIONALITY ADDITION: Nov 11, 1999
+005: FUNCTIONALITY ADDITION: Nov 11, 1999
   All architectures

 Various OpenSSH improvements have been made since the 2.6 release shipped.

 To resolve the various (non-security related) features which users may want,
-we are making a jumbo patch available.  This is now at VERSION FOUR.

+we are making a jumbo patch available.  This is now at VERSION FOUR.

 
 Revision 4 of this jumbo source code patch exists.

-NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
+NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
 
 

-004: RELIABILITY FIX: Nov 12, 1999
+004: RELIABILITY FIX: Nov 12, 1999
   sparc only

 The sparc kernel can be crashed by a user.

 
 A source code patch exists which remedies this problem.
 
 

-003: FUNCTIONALITY FIX: Nov 10, 1999
+003: FUNCTIONALITY FIX: Nov 10, 1999
   All architectures

 m4 is quite broken in the 2.6 release.

 
@@ -291,14 +289,14 @@
 This is the 3rd revision of the patch.
 
 

-002: SECURITY FIX: Nov 9, 1999
+002: SECURITY FIX: Nov 9, 1999
   All architectures

 Any user can change interface media configurations.

 
 A source code patch exists which remedies this problem.
 
 

-001: RELIABILITY FIX: Nov 8, 1999
+001: RELIABILITY FIX: Nov 8, 1999
   All architectures

 A race condition in newsyslog(8) can cause errors in log file rotation.

 
@@ -308,6 +306,3 @@

- - -