-040: SECURITY FIX: Mar 18, 2001
+040: SECURITY FIX: Mar 18, 2001All architectures
The readline library shipped with OpenBSD allows history files creation
with a permissive
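Review bot: In the added heading for 040 the date and the new label run together as "Mar 18, 2001All architectures", with no space, separator or line break between them as the line reads here. If the markup does not already place the label in its own element, add a separator so the date stays readable and can still be parsed on its own. The same applies to every heading in this patch that gains the label.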
@@ -101,7 +99,7 @@
A source code patch exists which remedies this problem.
-039: SECURITY FIX: Feb 22, 2001
+039: SECURITY FIX: Feb 22, 2001All architectures
There is an exploitable heap corruption bug in
sudo.
@@ -110,20 +108,20 @@
A source code patch exists which remedies this problem.
-035: SECURITY FIX: Nov 10, 2000
+035: SECURITY FIX: Nov 10, 2000All architectures
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.
@@ -131,21 +129,21 @@
A source code patch exists which remedies this problem.
-034: RELIABILITY FIX: Nov 10, 2000
+034: RELIABILITY FIX: Nov 10, 2000
When running a sparc with a serial console, certain types of interrupts would
cause great grief.
A source code patch exists which remedies this problem.
-032: SECURITY FIX: Oct 26, 2000
+032: SECURITY FIX: Oct 26, 2000All architectures
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
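Review bot: 034 is the only heading in this hunk that gets no platform label, while 035 and 032 around it are marked "All architectures". Its text says the problem occurs when running a sparc with a serial console, so label it with that platform rather than leaving it blank. Otherwise a reader cannot tell an architecture-specific entry from one that was simply missed. The other unlabelled entries (022, 020, 016, 015, 014, 011, 010) raise the same question.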
@@ -157,9 +155,9 @@
A source code patch exists which remedies this problem.
-031: SECURITY FIX: Oct 18, 2000
+031: SECURITY FIX: Oct 18, 2000All architectures
-Apache has several bugs in mod_rewrite and mod_vhost_alias
+Apache has several bugs in mod_rewrite and mod_vhost_alias
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
(These modules are not active by default).
@@ -168,7 +166,7 @@
A source code patch exists which remedies this problem.
-030: SECURITY FIX: Oct 10, 2000
+030: SECURITY FIX: Oct 10, 2000All architectures
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
@@ -177,7 +175,7 @@
A source code patch exists which remedies this problem.
-029: RELIABILITY FIX: Oct 9, 2000
+029: RELIABILITY FIX: Oct 9, 2000All architectures
There is a non-exploitable buffer overflow in sendmail's test mode.
@@ -185,7 +183,7 @@
A source code patch exists which remedies this problem.
-028: SECURITY FIX: Oct 6, 2000
+028: SECURITY FIX: Oct 6, 2000All architectures
There are printf-style format string bugs in several privileged programs.
@@ -193,7 +191,7 @@
A source code patch exists which remedies this problem.
-027: SECURITY FIX: Oct 6, 2000
+027: SECURITY FIX: Oct 6, 2000All architectures
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
@@ -203,7 +201,7 @@
A source code patch exists which remedies this problem.
-026: SECURITY FIX: Oct 6, 2000
+026: SECURITY FIX: Oct 6, 2000All architectures
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
@@ -212,7 +210,7 @@
A source code patch exists which remedies this problem.
-025: SECURITY FIX: Oct 3, 2000
+025: SECURITY FIX: Oct 3, 2000All architectures
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
@@ -224,14 +222,14 @@
A source code patch exists which remedies this problem.
-023: SECURITY FIX: Aug 16, 2000
+023: SECURITY FIX: Aug 16, 2000All architectures
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
@@ -242,10 +240,10 @@
A source code patch exists which remedies this problem.
-022: INSTALLATION FIX: July 14, 2000
+022: INSTALLATION FIX: July 14, 2000
The MacOS installer shipped with OpenBSD 2.7 does not correctly make all
-devices, specifically it does not make the /dev/arandom device
+devices, specifically it does not make the /dev/arandom device
needed for the userland crypto such as ssh to work. The problem shows itself
when ssh-keygen fails to make RSA or DSA keys, resulting in messages like
RSA-generate_keys failed or DSA-generate_keys failed.
@@ -261,7 +259,7 @@
reboot your machine and it will generate ssh keys correctly.
-021: SECURITY FIX: July 14, 2000
+021: SECURITY FIX: July 14, 2000All architectures
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.
@@ -285,15 +283,15 @@
A source code patch exists which remedies this problem.
-Note 1: tcl/tk is required to build X11 from source.
-Note 2: When re-building use the command
-`make DESTDIR=/ build' or you will get an error in the last
+Note 1: tcl/tk is required to build X11 from source.
+Note 2: When re-building use the command
+'make DESTDIR=/ build' or you will get an error in the last
step of the build (makewhatis). If you forget to set DESTDIR you can
ignore the build error. The whatis database will be rebuilt the next
time /etc/weekly runs.
-020: KERNEL BUG: July 10, 2000
+020: KERNEL BUG: July 10, 2000
As originally shipped, the pmax port would fail to install due to
/kern/msgbuf bugs.
The necessary fixes have been merged,
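Review bot: In Note 2 the rebuild command is still wrapped in prose quotation marks after the opening backquote is replaced with an apostrophe ('make DESTDIR=/ build'), so a reader copying the line can pick up the quotes along with the command. Since the note exists because forgetting DESTDIR breaks the last build step, set the command apart on its own line or in code markup, with no surrounding quotes, so that exactly what should be typed is unambiguous.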
@@ -307,7 +305,7 @@
A source code patch exists which remedies this problem.
-019: SECURITY FIX: July 5, 2000
+019: SECURITY FIX: July 5, 2000All architectures
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
@@ -317,7 +315,7 @@
A source code patch exists which remedies this problem.
-018: SECURITY FIX: July 5, 2000
+018: SECURITY FIX: July 5, 2000All architectures
Mopd contained a buffer overflow.
@@ -325,7 +323,7 @@
A source code patch exists which remedies this problem.
-017: INSTALLATION FIX: July 3, 2000
+017: INSTALLATION FIX: July 3, 2000All architectures
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
@@ -336,7 +334,7 @@
A source code patch exists which remedies this problem.
-016: DRIVER BUG: July 2, 2000
+016: DRIVER BUG: July 2, 2000
The xl(4)
driver supporting various 3com cards, had a bug which prevented the multicast
filter from working correctly on the 3c905B, thus preventing many IPv6 things
@@ -346,7 +344,7 @@
A source code patch exists which remedies this problem.
-015: DRIVER BUG: June 30, 2000
+015: DRIVER BUG: June 30, 2000
The ste(4)
driver supporting Ethernet cards based on the Sundance ST201 chipset
(i.e., the D-Link 550TX) has a bug which causes the machine to panic at
@@ -356,7 +354,7 @@
A source code patch exists which remedies this problem.
-014: DRIVER BUG: June 30, 2000
+014: DRIVER BUG: June 30, 2000
The PC console driver (PCVT) has two bugs. Display problems can result if
reverse video mode is turned on or off twice in a row. This patch also
fixes a problem with scrolling region handling that has been seen by many
@@ -367,7 +365,7 @@
This is the second revision of the patch.
-013: SECURITY FIX: June 28, 2000
+013: SECURITY FIX: June 28, 2000All architectures
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
@@ -377,7 +375,7 @@
A source code patch exists which remedies this problem.
-012: SECURITY FIX: June 24, 2000
+012: SECURITY FIX: June 24, 2000All architectures
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
@@ -386,7 +384,7 @@
A source code patch exists which remedies this problem.
-011: DRIVER BUG: June 17, 2000
+011: DRIVER BUG: June 17, 2000
The an(4)
Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents
ancontrol(8) from working correctly, instead causing a panic.
@@ -395,7 +393,7 @@
A source code patch exists which remedies this problem.
-010: CD DISTRIBUTION ERROR: June 15, 2000
+010: CD DISTRIBUTION ERROR: June 15, 2000
On the 2.7 CD media, the amiga distribution contains two pairs of archives
files for installation, ie:
@@ -418,7 +416,7 @@
The FTP area sets do not suffer from this problem.
-009: SECURITY FIX: June 9, 2000
+009: SECURITY FIX: June 9, 2000All architectures
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
@@ -427,7 +425,7 @@
A source code patch exists which remedies this problem.
-008: RELIABILITY FIX: June 8, 2000
+008: RELIABILITY FIX: June 8, 2000All architectures
Some operations in msdosfs could result in a system panic.
@@ -435,7 +433,7 @@
A source code patch exists which remedies this problem.
-007: RELIABILITY FIX: June 8, 2000
+007: RELIABILITY FIX: June 8, 2000All architectures
NFS exporting of CD filesystems caused a system panic.
@@ -443,14 +441,14 @@
A source code patch exists which remedies this problem.
-006: SECURITY FIX: June 6, 2000
+006: SECURITY FIX: June 6, 2000All architectures
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-005: RELIABILITY FIX: May 29, 2000
+005: RELIABILITY FIX: May 29, 2000All architectures
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
@@ -459,7 +457,7 @@
A source code patch exists which remedies this problem.
-004: RELIABILITY FIX: May 29, 2000
+004: RELIABILITY FIX: May 29, 2000All architectures
Certain routing table modifications by the superuser could cause a system panic.
@@ -467,7 +465,7 @@
A source code patch exists which remedies this problem.
-003: SECURITY FIX: May 26, 2000
+003: SECURITY FIX: May 26, 2000All architectures
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a
@@ -477,7 +475,7 @@
A source code patch exists which remedies this problem.
-002: DRIVER FIX: May 26, 2000
+002: DRIVER FIX: May 26, 2000All architectures
The
ef(4)
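Review bot: 002 is marked "All architectures" although it is a driver fix for ef(4), while the other driver entries in this patch (016 for xl(4), 015 for ste(4), 011 for an(4)) are left without a label. Confirm that ef(4) really applies on every platform. If it does not, name the platforms it covers, and label the other driver entries the same way so the list is consistent.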
@@ -487,7 +485,7 @@
A source code patch exists which remedies this problem.
-001: SECURITY FIX: May 25, 2000
+001: SECURITY FIX: May 25, 2000All architectures
A misuse of ipf(8)
keep-state rules can result in firewall rules being bypassed.
@@ -499,6 +497,3 @@