www/errata27.html - diff

Return to errata27.html CVS log

Up to [local] / www

Diff for /www/errata27.html between version 1.36 and 1.37

version 1.36, 2003/10/24 22:12:40

version 1.37, 2003/11/21 16:55:16

Line 8

</head>

Line 50

Line 51

consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.

<hr>

<dl>

<h3>All architectures</h3>

<li><h3>All architectures</h3>

<ul>

<li>040: SECURITY FIX: Mar 18, 2001

040: SECURITY FIX: Mar 18, 2001

The readline library shipped with OpenBSD allows history files creation

with a permissive

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>.

Line 67

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/040_readline.patch

">A source code patch exists which remedies the problem.</a>

<li>039: SECURITY FIX: Feb 22, 2001

039: SECURITY FIX: Feb 22, 2001

There is an exploitable heap corruption bug in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/038_named.patch">A source code patch exists which remedies the problem.</a>

<li>037: SECURITY FIX: Dec 4, 2000

037: SECURITY FIX: Dec 4, 2000

OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.

A source code patch exists which remedies the problem.</a>

<li>035: SECURITY FIX: Nov 10, 2000

035: SECURITY FIX: Nov 10, 2000

Hostile servers can force OpenSSH clients to do agent or X11 forwarding.

This problem is fixed as of OpenSSH 2.3.0.

A source code patch exists which remedies this problem.</a>

<li>033: RELIABILITY FIX: Nov 6, 2000

033: RELIABILITY FIX: Nov 6, 2000

Invalid fields in the exec header could cause a crash.

A source code patch exists which remedies this problem.</a>

<li>032: SECURITY FIX: Oct 26, 2000

032: SECURITY FIX: Oct 26, 2000

There are two possibly exploitable potential buffer overflows in the X11

libraries using the xtrans code. One of these vulnerabilities was

reported to the

Line 104

A source code patch exists which remedies this problem.</a>

<li>031: SECURITY FIX: Oct 18, 2000

031: SECURITY FIX: Oct 18, 2000

Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt>

that could cause arbitrary files accessible to the www user on the server

to be exposed under certain configurations when these modules are used.

Line 114

A source code patch exists which remedies this problem.</a>

<li>030: SECURITY FIX: Oct 10, 2000

030: SECURITY FIX: Oct 10, 2000

The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH

and TERMCAP (when it starts with a '/') environment variables.

A source code patch exists which remedies this problem.</a>

<li>029: RELIABILITY FIX: Oct 9, 2000

029: RELIABILITY FIX: Oct 9, 2000

There is a non-exploitable buffer overflow in sendmail's test mode.

A source code patch exists which remedies this problem.</a>

<li>028: SECURITY FIX: Oct 6, 2000

028: SECURITY FIX: Oct 6, 2000

There are printf-style format string bugs in several privileged programs.

A source code patch exists which remedies this problem.</a>

<li>027: SECURITY FIX: Oct 6, 2000

027: SECURITY FIX: Oct 6, 2000

libcurses honored terminal descriptions in the $HOME/.terminfo directory

as well as in the TERMCAP environment variable for setuid and setgid

applications.

Line 145

A source code patch exists which remedies this problem.</a>

<li>026: SECURITY FIX: Oct 6, 2000

026: SECURITY FIX: Oct 6, 2000

A format string vulnerability exists in talkd(8). It is not clear

yet what the impact is.

A source code patch exists which remedies this problem.</a>

<li>025: SECURITY FIX: Oct 3, 2000

025: SECURITY FIX: Oct 3, 2000

A format string vulnerability exists in the pw_error(3) function. This

manifests itself as a security hole in the chpass utility. As a workaround

which disables its functionality, do

Line 164

A source code patch exists which remedies this problem.</a>

<li>024: SECURITY FIX: Sep 18, 2000

024: SECURITY FIX: Sep 18, 2000

Bad ESP/AH packets could cause a crash under certain conditions.

A source code patch exists which remedies this problem.</a>

<li>023: SECURITY FIX: Aug 16, 2000

023: SECURITY FIX: Aug 16, 2000

A format string vulnerability exists in xlock. As a workaround which disables

its functionality, do

<pre>

Line 180

A source code patch exists which remedies this problem.</a>

<li>021: SECURITY FIX: July 14, 2000

021: SECURITY FIX: July 14, 2000

Various problems in X11 libraries have various side effects. We provide a

jumbo patch to fix them.

<ul>

Line 211

ignore the build error. The whatis database will be rebuilt the next

time /etc/weekly runs.

<li>019: SECURITY FIX: July 5, 2000

019: SECURITY FIX: July 5, 2000

Just like pretty much all the other unix ftp daemons on the planet,

ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.

The problem exists if anonymous ftp is enabled.

Line 220

A source code patch exists which remedies this problem.</a>

<li>018: SECURITY FIX: July 5, 2000

018: SECURITY FIX: July 5, 2000

Mopd contained a buffer overflow.

A source code patch exists which remedies this problem.</a>

<li>017: INSTALLATION FIX: July 3, 2000

017: INSTALLATION FIX: July 3, 2000

The screen package shipped with 2.7 does not install itself properly. The

existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to

Line 238

A source code patch exists which remedies this problem.</a>

<li>013: SECURITY FIX: June 28, 2000

013: SECURITY FIX: June 28, 2000

libedit would check for a .editrc file in the current directory.

That behaviour is not nice; this does not turn into a security problem in

any real world situation that we know of, but a patch is available anyways.

Line 247

A source code patch exists which remedies this problem.</a>

<li>012: SECURITY FIX: June 24, 2000

012: SECURITY FIX: June 24, 2000

A serious bug in dhclient(8) could allow strings from a malicious dhcp

server to be executed in the shell as root.

A source code patch exists which remedies this problem.</a>

<li>009: SECURITY FIX: June 9, 2000

009: SECURITY FIX: June 9, 2000

A serious bug in isakmpd(8) policy handling wherein policy

verification could be completely bypassed in isakmpd.

A source code patch exists which remedies this problem.</a>

<li>008: RELIABILITY FIX: June 8, 2000

008: RELIABILITY FIX: June 8, 2000

Some operations in msdosfs could result in a system panic.

A source code patch exists which remedies this problem.</a>

<li>007: RELIABILITY FIX: June 8, 2000

007: RELIABILITY FIX: June 8, 2000

NFS exporting of CD filesystems caused a system panic.

A source code patch exists which remedies this problem.</a>

<li>006: SECURITY FIX: June 6, 2000

006: SECURITY FIX: June 6, 2000

The non-default UseLogin feature in /etc/sshd_config is broken and should not

be used. On other operating systems, it results in a hole.

Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.

<li>005: RELIABILITY FIX: May 29, 2000

005: RELIABILITY FIX: May 29, 2000

Parse IPv4 options more carefully. It is not yet clear if this can even be used

to crash the machine remote or locally.

A source code patch exists which remedies this problem.</a>

<li>004: RELIABILITY FIX: May 29, 2000

004: RELIABILITY FIX: May 29, 2000

Certain routing table modifications by the superuser could cause a system panic.

A source code patch exists which remedies this problem.</a>

<li>003: SECURITY FIX: May 26, 2000

003: SECURITY FIX: May 26, 2000

It is possible to bypass the learning flag on an interface if frames

go directly to the machine acting as a

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge</a>.

Line 307

A source code patch exists which remedies this problem.</a>

<li>002: DRIVER FIX: May 26, 2000

002: DRIVER FIX: May 26, 2000

The

driver will complain when adding an address with ifconfig

Line 316

A source code patch exists which remedies this problem.</a>

<li>001: SECURITY FIX: May 25, 2000

001: SECURITY FIX: May 25, 2000

A misuse of ipf(8)

keep-state rules can result in firewall rules being bypassed.

Line 326

</ul>

<ul>

<li>016: DRIVER BUG: July 2, 2000

016: DRIVER BUG: July 2, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>

driver supporting various 3com cards, had a bug which prevented the multicast

filter from working correctly on the 3c905B, thus preventing many IPv6 things

Line 339

A source code patch exists which remedies this problem.</a>

<li>015: DRIVER BUG: June 30, 2000

015: DRIVER BUG: June 30, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ste&sektion=4">ste(4)</a>

driver supporting Ethernet cards based on the Sundance ST201 chipset

(i.e., the D-Link 550TX) has a bug which causes the machine to panic at

Line 349

A source code patch exists which remedies this problem.</a>

<li>014: DRIVER BUG: June 30, 2000

014: DRIVER BUG: June 30, 2000

The PC console driver (PCVT) has two bugs. Display problems can result if

reverse video mode is turned on or off twice in a row. This patch also

fixes a problem with scrolling region handling that has been seen by many

Line 359

There is now a second revision of the source code patch which remedies this problem.</a>

<li>011: DRIVER BUG: June 17, 2000

011: DRIVER BUG: June 17, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>

Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ancontrol&sektion=8">ancontrol(8)</a> from working correctly, instead causing a panic.

Line 370

</ul>

<ul>

<li>022: INSTALLATION FIX: July 14, 2000

022: INSTALLATION FIX: July 14, 2000

The MacOS installer shipped with OpenBSD 2.7 does not correctly make all

devices, specifically it does not make the <tt>/dev/arandom</tt> device

Line 384

To work around this, once your machine is up and running run the following

commands as root:

<pre>

# cd /dev

# ./MAKEDEV arandom

</pre></tt>

</pre>

After doing this (and possibly installing one of the ssl27 packages),

reboot your machine and it will generate ssh keys correctly.

</ul>

<li><h3>sparc</h3>

<h3>sparc</h3>

<ul>

<li>036: RELIABILITY FIX: Nov 17, 2000

036: RELIABILITY FIX: Nov 17, 2000

Configuring a qec+qe causes a NMI panic.

A source code patch exists which remedies this problem.</a>

<li>034: RELIABILITY FIX: Nov 10, 2000

034: RELIABILITY FIX: Nov 10, 2000

When running a sparc with a serial console, certain types of interrupts would

cause great grief.

Line 411

</ul>

<li><h3>amiga</h3>

<h3>amiga</h3>

<ul>

<li>010: CD DISTRIBUTION ERROR: June 15, 2000

010: CD DISTRIBUTION ERROR: June 15, 2000

On the 2.7 CD media, the amiga distribution contains two pairs of archives

files for installation, ie:

<pre>

Line 439

</ul>

<ul>

<li>020: KERNEL BUG: July 10, 2000

020: KERNEL BUG: July 10, 2000

As originally shipped, the pmax port would fail to install due to

/kern/msgbuf bugs.

The necessary fixes have been merged,

Line 458

</ul>

<ul>

<li>No problems identified yet.

</ul>

<li><h3>alpha</h3>

<h3>alpha</h3>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<li><h3>powerpc</h3>

<h3>powerpc</h3>

<ul>

<li>No problems identified yet.

</ul>

</dl>

<hr>