All architectures
-
!
!
- 040: SECURITY FIX: Mar 18, 2001
The readline library shipped with OpenBSD allows history files creation with a permissive umask(2). --- 51,61 ---- consult the OpenBSD FAQ.
! !All architectures
-
!
-
! 040: SECURITY FIX: Mar 18, 2001
The readline library shipped with OpenBSD allows history files creation with a permissive umask(2). *************** *** 67,100 **** A source code patch exists which remedies the problem.
- 039: SECURITY FIX: Feb 22, 2001
There is an exploitable heap corruption bug in sudo.
A source code patch exists which remedies the problem.
- 037: SECURITY FIX: Dec 4, 2000
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies the problem. - 035: SECURITY FIX: Nov 10, 2000
Hostile servers can force OpenSSH clients to do agent or X11 forwarding. This problem is fixed as of OpenSSH 2.3.0.
A source code patch exists which remedies this problem. - 033: RELIABILITY FIX: Nov 6, 2000
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem. - 032: SECURITY FIX: Oct 26, 2000
There are two possibly exploitable potential buffer overflows in the X11 libraries using the xtrans code. One of these vulnerabilities was reported to the --- 67,100 ---- A source code patch exists which remedies the problem.
!
-
! 039: SECURITY FIX: Feb 22, 2001
There is an exploitable heap corruption bug in sudo.
A source code patch exists which remedies the problem.
!
-
! 037: SECURITY FIX: Dec 4, 2000
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies the problem.!
-
! 035: SECURITY FIX: Nov 10, 2000
Hostile servers can force OpenSSH clients to do agent or X11 forwarding. This problem is fixed as of OpenSSH 2.3.0.
A source code patch exists which remedies this problem.!
-
! 033: RELIABILITY FIX: Nov 6, 2000
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem.!
-
! 032: SECURITY FIX: Oct 26, 2000
There are two possibly exploitable potential buffer overflows in the X11 libraries using the xtrans code. One of these vulnerabilities was reported to the *************** *** 104,111 **** A source code patch exists which remedies this problem. - 031: SECURITY FIX: Oct 18, 2000
Apache has several bugs in mod_rewrite and mod_vhost_alias that could cause arbitrary files accessible to the www user on the server to be exposed under certain configurations when these modules are used. --- 104,111 ---- A source code patch exists which remedies this problem.!
-
! 031: SECURITY FIX: Oct 18, 2000
Apache has several bugs in mod_rewrite and mod_vhost_alias that could cause arbitrary files accessible to the www user on the server to be exposed under certain configurations when these modules are used. *************** *** 114,143 **** A source code patch exists which remedies this problem. - 030: SECURITY FIX: Oct 10, 2000
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH and TERMCAP (when it starts with a '/') environment variables.
A source code patch exists which remedies this problem. - 029: RELIABILITY FIX: Oct 9, 2000
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem. - 028: SECURITY FIX: Oct 6, 2000
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem. - 027: SECURITY FIX: Oct 6, 2000
libcurses honored terminal descriptions in the $HOME/.terminfo directory as well as in the TERMCAP environment variable for setuid and setgid applications. --- 114,143 ---- A source code patch exists which remedies this problem.!
-
! 030: SECURITY FIX: Oct 10, 2000
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH and TERMCAP (when it starts with a '/') environment variables.
A source code patch exists which remedies this problem.!
-
! 029: RELIABILITY FIX: Oct 9, 2000
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem.!
-
! 028: SECURITY FIX: Oct 6, 2000
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem.!
-
! 027: SECURITY FIX: Oct 6, 2000
libcurses honored terminal descriptions in the $HOME/.terminfo directory as well as in the TERMCAP environment variable for setuid and setgid applications. *************** *** 145,160 **** A source code patch exists which remedies this problem. - 026: SECURITY FIX: Oct 6, 2000
A format string vulnerability exists in talkd(8). It is not clear yet what the impact is.
A source code patch exists which remedies this problem. - 025: SECURITY FIX: Oct 3, 2000
A format string vulnerability exists in the pw_error(3) function. This manifests itself as a security hole in the chpass utility. As a workaround which disables its functionality, do --- 145,160 ---- A source code patch exists which remedies this problem.!
-
! 026: SECURITY FIX: Oct 6, 2000
A format string vulnerability exists in talkd(8). It is not clear yet what the impact is.
A source code patch exists which remedies this problem.!
-
! 025: SECURITY FIX: Oct 3, 2000
A format string vulnerability exists in the pw_error(3) function. This manifests itself as a security hole in the chpass utility. As a workaround which disables its functionality, do *************** *** 164,177 **** A source code patch exists which remedies this problem. - 024: SECURITY FIX: Sep 18, 2000
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem. - 023: SECURITY FIX: Aug 16, 2000
A format string vulnerability exists in xlock. As a workaround which disables its functionality, do--- 164,177 ---- A source code patch exists which remedies this problem.
!
-
! 024: SECURITY FIX: Sep 18, 2000
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem.!
-
! 023: SECURITY FIX: Aug 16, 2000
A format string vulnerability exists in xlock. As a workaround which disables its functionality, do*************** *** 180,187 **** A source code patch exists which remedies this problem.
- 021: SECURITY FIX: July 14, 2000
Various problems in X11 libraries have various side effects. We provide a jumbo patch to fix them.-
--- 180,187 ----
A source code patch exists which remedies this problem.
-
! 021: SECURITY FIX: July 14, 2000
Various problems in X11 libraries have various side effects. We provide a jumbo patch to fix them.-
***************
*** 211,218 ****
ignore the build error. The whatis database will be rebuilt the next
time /etc/weekly runs.
- 019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet, ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default. The problem exists if anonymous ftp is enabled. --- 211,218 ---- ignore the build error. The whatis database will be rebuilt the next time /etc/weekly runs.!
-
! 019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet, ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default. The problem exists if anonymous ftp is enabled. *************** *** 220,234 **** A source code patch exists which remedies this problem. - 018: SECURITY FIX: July 5, 2000
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem. - 017: INSTALLATION FIX: July 3, 2000
The screen package shipped with 2.7 does not install itself properly. The existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to --- 220,234 ---- A source code patch exists which remedies this problem.!
-
! 018: SECURITY FIX: July 5, 2000
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.!
-
! 017: INSTALLATION FIX: July 3, 2000
The screen package shipped with 2.7 does not install itself properly. The existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to *************** *** 238,245 **** A source code patch exists which remedies this problem. - 013: SECURITY FIX: June 28, 2000
libedit would check for a .editrc file in the current directory. That behaviour is not nice; this does not turn into a security problem in any real world situation that we know of, but a patch is available anyways. --- 238,245 ---- A source code patch exists which remedies this problem.!
-
! 013: SECURITY FIX: June 28, 2000
libedit would check for a .editrc file in the current directory. That behaviour is not nice; this does not turn into a security problem in any real world situation that we know of, but a patch is available anyways. *************** *** 247,305 **** A source code patch exists which remedies this problem. - 012: SECURITY FIX: June 24, 2000
A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
A source code patch exists which remedies this problem. - 009: SECURITY FIX: June 9, 2000
A serious bug in isakmpd(8) policy handling wherein policy verification could be completely bypassed in isakmpd.
A source code patch exists which remedies this problem. - 008: RELIABILITY FIX: June 8, 2000
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem. - 007: RELIABILITY FIX: June 8, 2000
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem. - 006: SECURITY FIX: June 6, 2000
The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it. - 005: RELIABILITY FIX: May 29, 2000
Parse IPv4 options more carefully. It is not yet clear if this can even be used to crash the machine remote or locally.
A source code patch exists which remedies this problem. - 004: RELIABILITY FIX: May 29, 2000
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem. - 003: SECURITY FIX: May 26, 2000
It is possible to bypass the learning flag on an interface if frames go directly to the machine acting as a bridge. --- 247,305 ---- A source code patch exists which remedies this problem.!
-
! 012: SECURITY FIX: June 24, 2000
A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
A source code patch exists which remedies this problem.!
-
! 009: SECURITY FIX: June 9, 2000
A serious bug in isakmpd(8) policy handling wherein policy verification could be completely bypassed in isakmpd.
A source code patch exists which remedies this problem.!
-
! 008: RELIABILITY FIX: June 8, 2000
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.!
-
! 007: RELIABILITY FIX: June 8, 2000
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.!
-
! 006: SECURITY FIX: June 6, 2000
The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.!
-
! 005: RELIABILITY FIX: May 29, 2000
Parse IPv4 options more carefully. It is not yet clear if this can even be used to crash the machine remote or locally.
A source code patch exists which remedies this problem.!
-
! 004: RELIABILITY FIX: May 29, 2000
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.!
-
! 003: SECURITY FIX: May 26, 2000
It is possible to bypass the learning flag on an interface if frames go directly to the machine acting as a bridge. *************** *** 307,314 **** A source code patch exists which remedies this problem. - 002: DRIVER FIX: May 26, 2000
The ef(4) driver will complain when adding an address with ifconfig --- 307,314 ---- A source code patch exists which remedies this problem.!
-
! 002: DRIVER FIX: May 26, 2000
The ef(4) driver will complain when adding an address with ifconfig *************** *** 316,323 **** A source code patch exists which remedies this problem. - 001: SECURITY FIX: May 25, 2000
A misuse of ipf(8) keep-state rules can result in firewall rules being bypassed.
--- 316,323 ---- A source code patch exists which remedies this problem.!
-
! 001: SECURITY FIX: May 25, 2000
A misuse of ipf(8) keep-state rules can result in firewall rules being bypassed.
*************** *** 326,336 ****
- 019: SECURITY FIX: July 5, 2000
i386
-
!
!
- 016: DRIVER BUG: July 2, 2000
The xl(4) driver supporting various 3com cards, had a bug which prevented the multicast filter from working correctly on the 3c905B, thus preventing many IPv6 things --- 326,336 ----
i386
-
!
-
! 016: DRIVER BUG: July 2, 2000
The xl(4) driver supporting various 3com cards, had a bug which prevented the multicast filter from working correctly on the 3c905B, thus preventing many IPv6 things *************** *** 339,346 **** A source code patch exists which remedies this problem. - 015: DRIVER BUG: June 30, 2000
The ste(4) driver supporting Ethernet cards based on the Sundance ST201 chipset (i.e., the D-Link 550TX) has a bug which causes the machine to panic at --- 339,346 ---- A source code patch exists which remedies this problem.!
-
! 015: DRIVER BUG: June 30, 2000
The ste(4) driver supporting Ethernet cards based on the Sundance ST201 chipset (i.e., the D-Link 550TX) has a bug which causes the machine to panic at *************** *** 349,356 **** A source code patch exists which remedies this problem. - 014: DRIVER BUG: June 30, 2000
The PC console driver (PCVT) has two bugs. Display problems can result if reverse video mode is turned on or off twice in a row. This patch also fixes a problem with scrolling region handling that has been seen by many --- 349,356 ---- A source code patch exists which remedies this problem.!
-
! 014: DRIVER BUG: June 30, 2000
The PC console driver (PCVT) has two bugs. Display problems can result if reverse video mode is turned on or off twice in a row. This patch also fixes a problem with scrolling region handling that has been seen by many *************** *** 359,366 **** There is now a second revision of the source code patch which remedies this problem. - 011: DRIVER BUG: June 17, 2000
The an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents ancontrol(8) from working correctly, instead causing a panic. --- 359,366 ---- There is now a second revision of the source code patch which remedies this problem.!
-
! 011: DRIVER BUG: June 17, 2000
The an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents ancontrol(8) from working correctly, instead causing a panic. *************** *** 370,380 ****
- 016: DRIVER BUG: July 2, 2000
mac68k
-
!
!
- 022: INSTALLATION FIX: July 14, 2000
The MacOS installer shipped with OpenBSD 2.7 does not correctly make all devices, specifically it does not make the /dev/arandom device --- 370,380 ----
mac68k
-
!
-
! 022: INSTALLATION FIX: July 14, 2000
The MacOS installer shipped with OpenBSD 2.7 does not correctly make all devices, specifically it does not make the /dev/arandom device *************** *** 384,409 ****
To work around this, once your machine is up and running run the following commands as root: !# cd /dev # ./MAKEDEV arandom !
After doing this (and possibly installing one of the ssl27 packages), reboot your machine and it will generate ssh keys correctly.
- 022: INSTALLATION FIX: July 14, 2000
sparc
-
!
!
- 036: RELIABILITY FIX: Nov 17, 2000
Configuring a qec+qe causes a NMI panic.
A source code patch exists which remedies this problem. - 034: RELIABILITY FIX: Nov 10, 2000
When running a sparc with a serial console, certain types of interrupts would cause great grief.
--- 384,409 ----
To work around this, once your machine is up and running run the following commands as root: !# cd /dev # ./MAKEDEV arandom !
After doing this (and possibly installing one of the ssl27 packages), reboot your machine and it will generate ssh keys correctly.
sparc
-
!
-
! 036: RELIABILITY FIX: Nov 17, 2000
Configuring a qec+qe causes a NMI panic.
A source code patch exists which remedies this problem.!
-
! 034: RELIABILITY FIX: Nov 10, 2000
When running a sparc with a serial console, certain types of interrupts would cause great grief.
*************** *** 411,421 ****
- 036: RELIABILITY FIX: Nov 17, 2000
amiga
-
!
!
- 010: CD DISTRIBUTION ERROR: June 15, 2000
On the 2.7 CD media, the amiga distribution contains two pairs of archives files for installation, ie:--- 411,421 ----
amiga
- 010: CD DISTRIBUTION ERROR: June 15, 2000
pmax
-
!
!
- 020: KERNEL BUG: July 10, 2000
As originally shipped, the pmax port would fail to install due to /kern/msgbuf bugs.
The necessary fixes have been merged, --- 439,449 ----
pmax
- 020: KERNEL BUG: July 10, 2000
arc
- No problems identified yet.
alpha
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
powerpc
- No problems identified yet.
--- 458,493 ----
!
arc
- No problems identified yet.
alpha
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
powerpc
- No problems identified yet.
*************** *** 513,519 ****
www@openbsd.org
!
$OpenBSD: errata27.html,v 1.36 2003/10/24 22:12:40 david Exp $ -
! 021: SECURITY FIX: July 14, 2000
-
! 040: SECURITY FIX: Mar 18, 2001