=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v retrieving revision 1.72 retrieving revision 1.73 diff -c -r1.72 -r1.73 *** www/errata27.html 2014/10/02 14:34:45 1.72 --- www/errata27.html 2015/02/14 04:36:51 1.73 *************** *** 81,87 ****

040: SECURITY FIX: Mar 18, 2001 All architectures
The readline library shipped with OpenBSD allows history files creation --- 81,87 ----
- 040: SECURITY FIX: Mar 18, 2001 All architectures
  The readline library shipped with OpenBSD allows history files creation *************** *** 95,101 **** A source code patch exists which remedies this problem.
  !
- 039: SECURITY FIX: Feb 22, 2001 All architectures
  There is an exploitable heap corruption bug in --- 95,101 ---- A source code patch exists which remedies this problem.
  !
- 039: SECURITY FIX: Feb 22, 2001 All architectures
  There is an exploitable heap corruption bug in *************** *** 104,123 **** A source code patch exists which remedies this problem.
  !
- 037: SECURITY FIX: Dec 4, 2000 All architectures
  OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
  A source code patch exists which remedies this problem.
  !
- 036: RELIABILITY FIX: Nov 17, 2000
  Configuring a qec+qe causes a NMI panic.
  A source code patch exists which remedies this problem.
  !
- 035: SECURITY FIX: Nov 10, 2000 All architectures
  Hostile servers can force OpenSSH clients to do agent or X11 forwarding. --- 104,123 ---- A source code patch exists which remedies this problem.
  !
- 037: SECURITY FIX: Dec 4, 2000 All architectures
  OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
  A source code patch exists which remedies this problem.
  !
- 036: RELIABILITY FIX: Nov 17, 2000
  Configuring a qec+qe causes a NMI panic.
  A source code patch exists which remedies this problem.
  !
- 035: SECURITY FIX: Nov 10, 2000 All architectures
  Hostile servers can force OpenSSH clients to do agent or X11 forwarding. *************** *** 125,145 **** A source code patch exists which remedies this problem.
  !
- 034: RELIABILITY FIX: Nov 10, 2000
  When running a sparc with a serial console, certain types of interrupts would cause great grief.
  A source code patch exists which remedies this problem.
  !
- 033: RELIABILITY FIX: Nov 6, 2000 All architectures
  Invalid fields in the exec header could cause a crash.
  A source code patch exists which remedies this problem.
  !
- 032: SECURITY FIX: Oct 26, 2000 All architectures
  There are two possibly exploitable potential buffer overflows in the X11 --- 125,145 ---- A source code patch exists which remedies this problem.
  !
- 034: RELIABILITY FIX: Nov 10, 2000
  When running a sparc with a serial console, certain types of interrupts would cause great grief.
  A source code patch exists which remedies this problem.
  !
- 033: RELIABILITY FIX: Nov 6, 2000 All architectures
  Invalid fields in the exec header could cause a crash.
  A source code patch exists which remedies this problem.
  !
- 032: SECURITY FIX: Oct 26, 2000 All architectures
  There are two possibly exploitable potential buffer overflows in the X11 *************** *** 151,157 **** A source code patch exists which remedies this problem.
  !
- 031: SECURITY FIX: Oct 18, 2000 All architectures
  Apache has several bugs in mod_rewrite and mod_vhost_alias --- 151,157 ---- A source code patch exists which remedies this problem.
  !
- 031: SECURITY FIX: Oct 18, 2000 All architectures
  Apache has several bugs in mod_rewrite and mod_vhost_alias *************** *** 162,168 **** A source code patch exists which remedies this problem.
  !
- 030: SECURITY FIX: Oct 10, 2000 All architectures
  The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH --- 162,168 ---- A source code patch exists which remedies this problem.
  !
- 030: SECURITY FIX: Oct 10, 2000 All architectures
  The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH *************** *** 171,177 **** A source code patch exists which remedies this problem.
  !
- 029: RELIABILITY FIX: Oct 9, 2000 All architectures
  There is a non-exploitable buffer overflow in sendmail's test mode. --- 171,177 ---- A source code patch exists which remedies this problem.
  !
- 029: RELIABILITY FIX: Oct 9, 2000 All architectures
  There is a non-exploitable buffer overflow in sendmail's test mode. *************** *** 179,185 **** A source code patch exists which remedies this problem.
  !
- 028: SECURITY FIX: Oct 6, 2000 All architectures
  There are printf-style format string bugs in several privileged programs. --- 179,185 ---- A source code patch exists which remedies this problem.
  !
- 028: SECURITY FIX: Oct 6, 2000 All architectures
  There are printf-style format string bugs in several privileged programs. *************** *** 187,193 **** A source code patch exists which remedies this problem.
  !
- 027: SECURITY FIX: Oct 6, 2000 All architectures
  libcurses honored terminal descriptions in the $HOME/.terminfo directory --- 187,193 ---- A source code patch exists which remedies this problem.
  !
- 027: SECURITY FIX: Oct 6, 2000 All architectures
  libcurses honored terminal descriptions in the $HOME/.terminfo directory *************** *** 197,203 **** A source code patch exists which remedies this problem.
  !
- 026: SECURITY FIX: Oct 6, 2000 All architectures
  A format string vulnerability exists in talkd(8). It is not clear --- 197,203 ---- A source code patch exists which remedies this problem.
  !
- 026: SECURITY FIX: Oct 6, 2000 All architectures
  A format string vulnerability exists in talkd(8). It is not clear *************** *** 206,212 **** A source code patch exists which remedies this problem.
  !
- 025: SECURITY FIX: Oct 3, 2000 All architectures
  A format string vulnerability exists in the pw_error(3) function. This --- 206,212 ---- A source code patch exists which remedies this problem.
  !
- 025: SECURITY FIX: Oct 3, 2000 All architectures
  A format string vulnerability exists in the pw_error(3) function. This *************** *** 218,231 **** A source code patch exists which remedies this problem.
  !
- 024: SECURITY FIX: Sep 18, 2000 All architectures
  Bad ESP/AH packets could cause a crash under certain conditions.
  A source code patch exists which remedies this problem.
  !
- 023: SECURITY FIX: Aug 16, 2000 All architectures
  A format string vulnerability exists in xlock. As a workaround which disables --- 218,231 ---- A source code patch exists which remedies this problem.
  !
- 024: SECURITY FIX: Sep 18, 2000 All architectures
  Bad ESP/AH packets could cause a crash under certain conditions.
  A source code patch exists which remedies this problem.
  !
- 023: SECURITY FIX: Aug 16, 2000 All architectures
  A format string vulnerability exists in xlock. As a workaround which disables *************** *** 236,242 **** A source code patch exists which remedies this problem.
  !
- 022: INSTALLATION FIX: July 14, 2000
  The MacOS installer shipped with OpenBSD 2.7 does not correctly make all --- 236,242 ---- A source code patch exists which remedies this problem.
  !
- 022: INSTALLATION FIX: July 14, 2000
  The MacOS installer shipped with OpenBSD 2.7 does not correctly make all *************** *** 255,261 **** After doing this (and possibly installing one of the ssl27 packages), reboot your machine and it will generate ssh keys correctly.
  !
- 021: SECURITY FIX: July 14, 2000 All architectures
  Various problems in X11 libraries have various side effects. We provide a --- 255,261 ---- After doing this (and possibly installing one of the ssl27 packages), reboot your machine and it will generate ssh keys correctly.
  !
- 021: SECURITY FIX: July 14, 2000 All architectures
  Various problems in X11 libraries have various side effects. We provide a *************** *** 287,293 **** ignore the build error. The whatis database will be rebuilt the next time /etc/weekly runs.
  !
- 020: KERNEL BUG: July 10, 2000
  As originally shipped, the pmax port would fail to install due to /kern/msgbuf bugs.
  --- 287,293 ---- ignore the build error. The whatis database will be rebuilt the next time /etc/weekly runs.
  !
- 020: KERNEL BUG: July 10, 2000
  As originally shipped, the pmax port would fail to install due to /kern/msgbuf bugs.
  *************** *** 301,307 **** A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: July 5, 2000 All architectures
  Just like pretty much all the other unix ftp daemons on the planet, --- 301,307 ---- A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: July 5, 2000 All architectures
  Just like pretty much all the other unix ftp daemons on the planet, *************** *** 311,317 **** A source code patch exists which remedies this problem.
  !
- 018: SECURITY FIX: July 5, 2000 All architectures
  Mopd contained a buffer overflow. --- 311,317 ---- A source code patch exists which remedies this problem.
  !
- 018: SECURITY FIX: July 5, 2000 All architectures
  Mopd contained a buffer overflow. *************** *** 319,325 **** A source code patch exists which remedies this problem.
  !
- 017: INSTALLATION FIX: July 3, 2000 All architectures
  The screen package shipped with 2.7 does not install itself properly. The --- 319,325 ---- A source code patch exists which remedies this problem.
  !
- 017: INSTALLATION FIX: July 3, 2000 All architectures
  The screen package shipped with 2.7 does not install itself properly. The *************** *** 330,336 **** A source code patch exists which remedies this problem.
  !
- 016: DRIVER BUG: July 2, 2000
  The xl(4) driver supporting various 3com cards, had a bug which prevented the multicast --- 330,336 ---- A source code patch exists which remedies this problem.
  !
- 016: DRIVER BUG: July 2, 2000
  The xl(4) driver supporting various 3com cards, had a bug which prevented the multicast *************** *** 340,346 **** A source code patch exists which remedies this problem.
  !
- 015: DRIVER BUG: June 30, 2000
  The ste(4) driver supporting Ethernet cards based on the Sundance ST201 chipset --- 340,346 ---- A source code patch exists which remedies this problem.
  !
- 015: DRIVER BUG: June 30, 2000
  The ste(4) driver supporting Ethernet cards based on the Sundance ST201 chipset *************** *** 350,356 **** A source code patch exists which remedies this problem.
  !
- 014: DRIVER BUG: June 30, 2000
  The PC console driver (PCVT) has two bugs. Display problems can result if reverse video mode is turned on or off twice in a row. This patch also --- 350,356 ---- A source code patch exists which remedies this problem.
  !
- 014: DRIVER BUG: June 30, 2000
  The PC console driver (PCVT) has two bugs. Display problems can result if reverse video mode is turned on or off twice in a row. This patch also *************** *** 361,367 **** A source code patch exists which remedies this problem. This is the second revision of the patch.
  !
- 013: SECURITY FIX: June 28, 2000 All architectures
  libedit would check for a .editrc file in the current directory. --- 361,367 ---- A source code patch exists which remedies this problem. This is the second revision of the patch.
  !
- 013: SECURITY FIX: June 28, 2000 All architectures
  libedit would check for a .editrc file in the current directory. *************** *** 371,377 **** A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: June 24, 2000 All architectures
  A serious bug in dhclient(8) could allow strings from a malicious dhcp --- 371,377 ---- A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: June 24, 2000 All architectures
  A serious bug in dhclient(8) could allow strings from a malicious dhcp *************** *** 380,386 **** A source code patch exists which remedies this problem.
  !
- 011: DRIVER BUG: June 17, 2000
  The an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents --- 380,386 ---- A source code patch exists which remedies this problem.
  !
- 011: DRIVER BUG: June 17, 2000
  The an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents *************** *** 389,395 **** A source code patch exists which remedies this problem.
  !
- 010: CD DISTRIBUTION ERROR: June 15, 2000
  On the 2.7 CD media, the amiga distribution contains two pairs of archives files for installation, ie: --- 389,395 ---- A source code patch exists which remedies this problem.
  !
- 010: CD DISTRIBUTION ERROR: June 15, 2000
  On the 2.7 CD media, the amiga distribution contains two pairs of archives files for installation, ie: *************** *** 412,418 **** the *.tar.gz versions.
  The FTP area sets do not suffer from this problem.
  !
- 009: SECURITY FIX: June 9, 2000 All architectures
  A serious bug in isakmpd(8) policy handling wherein policy --- 412,418 ---- the *.tar.gz versions.
  The FTP area sets do not suffer from this problem.
  !
- 009: SECURITY FIX: June 9, 2000 All architectures
  A serious bug in isakmpd(8) policy handling wherein policy *************** *** 421,427 **** A source code patch exists which remedies this problem.
  !
- 008: RELIABILITY FIX: June 8, 2000 All architectures
  Some operations in msdosfs could result in a system panic. --- 421,427 ---- A source code patch exists which remedies this problem.
  !
- 008: RELIABILITY FIX: June 8, 2000 All architectures
  Some operations in msdosfs could result in a system panic. *************** *** 429,435 **** A source code patch exists which remedies this problem.
  !
- 007: RELIABILITY FIX: June 8, 2000 All architectures
  NFS exporting of CD filesystems caused a system panic. --- 429,435 ---- A source code patch exists which remedies this problem.
  !
- 007: RELIABILITY FIX: June 8, 2000 All architectures
  NFS exporting of CD filesystems caused a system panic. *************** *** 437,450 **** A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: June 6, 2000 All architectures
  The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. On other operating systems, it results in a hole.
  Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
  !
- 005: RELIABILITY FIX: May 29, 2000 All architectures
  Parse IPv4 options more carefully. It is not yet clear if this can even be used --- 437,450 ---- A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: June 6, 2000 All architectures
  The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. On other operating systems, it results in a hole.
  Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
  !
- 005: RELIABILITY FIX: May 29, 2000 All architectures
  Parse IPv4 options more carefully. It is not yet clear if this can even be used *************** *** 453,459 **** A source code patch exists which remedies this problem.
  !
- 004: RELIABILITY FIX: May 29, 2000 All architectures
  Certain routing table modifications by the superuser could cause a system panic. --- 453,459 ---- A source code patch exists which remedies this problem.
  !
- 004: RELIABILITY FIX: May 29, 2000 All architectures
  Certain routing table modifications by the superuser could cause a system panic. *************** *** 461,467 **** A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: May 26, 2000 All architectures
  It is possible to bypass the learning flag on an interface if frames --- 461,467 ---- A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: May 26, 2000 All architectures
  It is possible to bypass the learning flag on an interface if frames *************** *** 471,477 **** A source code patch exists which remedies this problem.
  !
- 002: DRIVER FIX: May 26, 2000 All architectures
  The --- 471,477 ---- A source code patch exists which remedies this problem.
  !
- 002: DRIVER FIX: May 26, 2000 All architectures
  The *************** *** 481,487 **** A source code patch exists which remedies this problem.
  !
- 001: SECURITY FIX: May 25, 2000 All architectures
  A misuse of ipf(8) --- 481,487 ---- A source code patch exists which remedies this problem.
  !
- 001: SECURITY FIX: May 25, 2000 All architectures
  A misuse of ipf(8)