www/errata27.html - diff

Return to errata27.html CVS log

Up to [local] / www

Diff for /www/errata27.html between version 1.32 and 1.33

version 1.32, 2002/10/17 21:38:38

version 1.33, 2003/03/06 21:44:07

Line 1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>OpenBSD 2.7 errata</title>

Line 13

<h2>

<h2>

This is the OpenBSD 2.7 release errata & patch list:

</h2>

Line 36

<hr>

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

Line 50

<dl>

<li><h3>All architectures</h3>

<li><h3>All architectures</h3>

<ul>

<li>040: SECURITY FIX: Mar 18, 2001

<li>040: SECURITY FIX: Mar 18, 2001

The readline library shipped with OpenBSD allows history files creation

with a permissive

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>.

This can lead to the leakage of sensitive information in applications

that use passwords and the like during user interaction (one such

application is mysql). Additionally, if the HOME environment variable

Line 66

">A source code patch exists which remedies the problem.</a>

<li>039: SECURITY FIX: Feb 22, 2001

<li>039: SECURITY FIX: Feb 22, 2001

There is an exploitable heap corruption bug in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/038_named.patch">A source code patch exists which remedies the problem.</a>

<li>037: SECURITY FIX: Dec 4, 2000

<li>037: SECURITY FIX: Dec 4, 2000

OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.

A source code patch exists which remedies the problem.</a>

<li>035: SECURITY FIX: Nov 10, 2000

<li>035: SECURITY FIX: Nov 10, 2000

Hostile servers can force OpenSSH clients to do agent or X11 forwarding.

This problem is fixed as of OpenSSH 2.3.0.

A source code patch exists which remedies this problem.</a>

<li>033: RELIABILITY FIX: Nov 6, 2000

<li>033: RELIABILITY FIX: Nov 6, 2000

Invalid fields in the exec header could cause a crash.

A source code patch exists which remedies this problem.</a>

<li>032: SECURITY FIX: Oct 26, 2000

<li>032: SECURITY FIX: Oct 26, 2000

There are two possibly exploitable potential buffer overflows in the X11

libraries using the xtrans code. One of these vulnerabilities was

reported to the

<a href="http://www.securityfocus.com/archive/1/139436">BUGTRAQ</a>

mailing list.

A source code patch exists which remedies this problem.</a>

<li>031: SECURITY FIX: Oct 18, 2000

<li>031: SECURITY FIX: Oct 18, 2000

Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt>

that could cause arbitrary files accessible to the www user on the server

to be exposed under certain configurations when these modules are used.

(These modules are not active by default).

A source code patch exists which remedies this problem.</a>

<li>030: SECURITY FIX: Oct 10, 2000

<li>030: SECURITY FIX: Oct 10, 2000

The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH

and TERMCAP (when it starts with a '/') environment variables.

A source code patch exists which remedies this problem.</a>

<li>029: RELIABILITY FIX: Oct 9, 2000

<li>029: RELIABILITY FIX: Oct 9, 2000

There is a non-exploitable buffer overflow in sendmail's test mode.

A source code patch exists which remedies this problem.</a>

<li>028: SECURITY FIX: Oct 6, 2000

<li>028: SECURITY FIX: Oct 6, 2000

There are printf-style format string bugs in several privileged programs.

A source code patch exists which remedies this problem.</a>

<li>027: SECURITY FIX: Oct 6, 2000

<li>027: SECURITY FIX: Oct 6, 2000

libcurses honored terminal descriptions in the $HOME/.terminfo directory

as well as in the TERMCAP environment variable for setuid and setgid

applications.

A source code patch exists which remedies this problem.</a>

<li>026: SECURITY FIX: Oct 6, 2000

<li>026: SECURITY FIX: Oct 6, 2000

A format string vulnerability exists in talkd(8). It is not clear

yet what the impact is.

A source code patch exists which remedies this problem.</a>

<li>025: SECURITY FIX: Oct 3, 2000

<li>025: SECURITY FIX: Oct 3, 2000

A format string vulnerability exists in the pw_error(3) function. This

manifests itself as a security hole in the chpass utility. As a workaround

which disables its functionality, do

<pre>

# chmod u-s /usr/bin/chpass

</pre>

A source code patch exists which remedies this problem.</a>

<li>024: SECURITY FIX: Sep 18, 2000

<li>024: SECURITY FIX: Sep 18, 2000

Bad ESP/AH packets could cause a crash under certain conditions.

A source code patch exists which remedies this problem.</a>

<li>023: SECURITY FIX: Aug 16, 2000

<li>023: SECURITY FIX: Aug 16, 2000

A format string vulnerability exists in xlock. As a workaround which disables

its functionality, do

<pre>

# chmod u-s /usr/X11R6/bin/xlock

</pre>

A source code patch exists which remedies this problem.</a>

<li>021: SECURITY FIX: July 14, 2000

<li>021: SECURITY FIX: July 14, 2000

Various problems in X11 libraries have various side effects. We provide a

jumbo patch to fix them.

<ul>

Nasty X Server Dos</a>

This is fixed by the patch to xc/programs/Xsever/os/secauth.c.

Various nasty libX11 holes</a>

This is covered by the patches to xc/lib/X11.

libICE DoS</a>

This is covered by the patches to xc/lib/ICE.

Server overflow</a>

This is covered by the patches to xc/programs/Xserver/xkb.

Line 200

the XFree86 Xwrapper already has tests for bad arguments.

</ul>

A source code patch exists which remedies these problems.</a>

Note 1: tcl/tk is required to build X11 from source.

Note 2: When re-building use the command

Line 210

time /etc/weekly runs.

<li>019: SECURITY FIX: July 5, 2000

<li>019: SECURITY FIX: July 5, 2000

Just like pretty much all the other unix ftp daemons on the planet,

ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.

The problem exists if anonymous ftp is enabled.

A source code patch exists which remedies this problem.</a>

<li>018: SECURITY FIX: July 5, 2000

<li>018: SECURITY FIX: July 5, 2000

Mopd contained a buffer overflow.

A source code patch exists which remedies this problem.</a>

<li>017: INSTALLATION FIX: July 3, 2000

<li>017: INSTALLATION FIX: July 3, 2000

The screen package shipped with 2.7 does not install itself properly. The

existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to

screen-3.9.5.tgz.old and a replacement package has been provided under the

name screen-3.9.5p1.tgz.

A source code patch exists which remedies this problem.</a>

<li>013: SECURITY FIX: June 28, 2000

<li>013: SECURITY FIX: June 28, 2000

libedit would check for a .editrc file in the current directory.

That behaviour is not nice; this does not turn into a security problem in

any real world situation that we know of, but a patch is available anyways.

A source code patch exists which remedies this problem.</a>

<li>012: SECURITY FIX: June 24, 2000

<li>012: SECURITY FIX: June 24, 2000

A serious bug in dhclient(8) could allow strings from a malicious dhcp

server to be executed in the shell as root.

A source code patch exists which remedies this problem.</a>

<li>009: SECURITY FIX: June 9, 2000

<li>009: SECURITY FIX: June 9, 2000

A serious bug in isakmpd(8) policy handling wherein policy

verification could be completely bypassed in isakmpd.

A source code patch exists which remedies this problem.</a>

<li>008: RELIABILITY FIX: June 8, 2000

<li>008: RELIABILITY FIX: June 8, 2000

Some operations in msdosfs could result in a system panic.

A source code patch exists which remedies this problem.</a>

<li>007: RELIABILITY FIX: June 8, 2000

<li>007: RELIABILITY FIX: June 8, 2000

NFS exporting of CD filesystems caused a system panic.

A source code patch exists which remedies this problem.</a>

<li>006: SECURITY FIX: June 6, 2000

<li>006: SECURITY FIX: June 6, 2000

The non-default UseLogin feature in /etc/sshd_config is broken and should not

be used. On other operating systems, it results in a hole.

Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.

<li>005: RELIABILITY FIX: May 29, 2000

<li>005: RELIABILITY FIX: May 29, 2000

Parse IPv4 options more carefully. It is not yet clear if this can even be used

to crash the machine remote or locally.

A source code patch exists which remedies this problem.</a>

<li>004: RELIABILITY FIX: May 29, 2000

<li>004: RELIABILITY FIX: May 29, 2000

Certain routing table modifications by the superuser could cause a system panic.

A source code patch exists which remedies this problem.</a>

<li>003: SECURITY FIX: May 26, 2000

<li>003: SECURITY FIX: May 26, 2000

It is possible to bypass the learning flag on an interface if frames

go directly to the machine acting as a

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge</a>.

A source code patch exists which remedies this problem.</a>

<li>002: DRIVER FIX: May 26, 2000

<li>002: DRIVER FIX: May 26, 2000

The

driver will complain when adding an address with ifconfig

(ifconfig: SIOCAIFADDR: Invalid argument).

A source code patch exists which remedies this problem.</a>

<li>001: SECURITY FIX: May 25, 2000

<li>001: SECURITY FIX: May 25, 2000

A misuse of ipf(8)

keep-state rules can result in firewall rules being bypassed.

A source code patch exists</a>, which remedies this problem, and updates ipf

to version 3.3.16.

</ul>

<ul>

<li>016: DRIVER BUG: July 2, 2000

<li>016: DRIVER BUG: July 2, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>

driver supporting various 3com cards, had a bug which prevented the multicast

filter from working correctly on the 3c905B, thus preventing many IPv6 things

from working.

A source code patch exists which remedies this problem.</a>

<li>015: DRIVER BUG: June 30, 2000

<li>015: DRIVER BUG: June 30, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ste&sektion=4">ste(4)</a>

driver supporting Ethernet cards based on the Sundance ST201 chipset

(i.e., the D-Link 550TX) has a bug which causes the machine to panic at

boot-time.

A source code patch exists which remedies this problem.</a>

<li>014: DRIVER BUG: June 30, 2000

<li>014: DRIVER BUG: June 30, 2000

The PC console driver (PCVT) has two bugs. Display problems can result if

reverse video mode is turned on or off twice in a row. This patch also

fixes a problem with scrolling region handling that has been seen by many

users trying to use the BitchX irc client with the screen program.

There is now a second revision of the source code patch which remedies this problem.</a>

<li>011: DRIVER BUG: June 17, 2000

<li>011: DRIVER BUG: June 17, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>

Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ancontrol&sektion=8">ancontrol(8)</a> from working correctly, instead causing a panic.

A source code patch exists which remedies this problem.</a>

</ul>

<ul>

<li>022: INSTALLATION FIX: July 14, 2000

<li>022: INSTALLATION FIX: July 14, 2000

The MacOS installer shipped with OpenBSD 2.7 does not correctly make all

devices, specifically it does not make the <tt>/dev/arandom</tt> device

Line 392

</ul>

<li><h3>sparc</h3>

<li><h3>sparc</h3>

<ul>

<li>036: RELIABILITY FIX: Nov 17, 2000

<li>036: RELIABILITY FIX: Nov 17, 2000

Configuring a qec+qe causes a NMI panic.

A source code patch exists which remedies this problem.</a>

<li>034: RELIABILITY FIX: Nov 10, 2000

<li>034: RELIABILITY FIX: Nov 10, 2000

When running a sparc with a serial console, certain types of interrupts would

cause great grief.

A source code patch exists which remedies this problem.</a>

</ul>

<li><h3>amiga</h3>

<li><h3>amiga</h3>

<ul>

<li>010: CD DISTRIBUTION ERROR: June 15, 2000

<li>010: CD DISTRIBUTION ERROR: June 15, 2000

On the 2.7 CD media, the amiga distribution contains two pairs of archives

files for installation, ie:

<pre>

Line 438

</ul>

<ul>

<li>020: KERNEL BUG: July 10, 2000

<li>020: KERNEL BUG: July 10, 2000

As originally shipped, the pmax port would fail to install due to

/kern/msgbuf bugs.

The necessary fixes have been merged,

Line 451

<a href=stable.html>stable release source tree</a> or apply the

provided patch to a 2.7 source tree.

A source code patch exists which remedies this problem.</a>

</ul>

<ul>

<li>No problems identified yet.

</ul>

<li><h3>alpha</h3>

<li><h3>alpha</h3>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<li><h3>powerpc</h3>

<li><h3>powerpc</h3>

<ul>

<li>No problems identified yet.

</ul>

Line 508

<hr>

<a href=mailto:www@openbsd.org>www@openbsd.org</a>

<a href="mailto:www@openbsd.org">www@openbsd.org</a>

$OpenBSD$

</body>