www/errata27.html - diff

Return to errata27.html CVS log

Up to [local] / www

Diff for /www/errata27.html between version 1.72 and 1.73

version 1.72, 2014/10/02 14:34:45

version 1.73, 2015/02/14 04:36:51

Line 81

<hr>

<ul>

040: SECURITY FIX: Mar 18, 2001

All architectures

The readline library shipped with OpenBSD allows history files creation

Line 95

A source code patch exists which remedies this problem.</a>

039: SECURITY FIX: Feb 22, 2001

All architectures

There is an exploitable heap corruption bug in

Line 104

A source code patch exists which remedies this problem.</a>

037: SECURITY FIX: Dec 4, 2000

All architectures

OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.

A source code patch exists which remedies this problem.</a>

036: RELIABILITY FIX: Nov 17, 2000

Configuring a qec+qe causes a NMI panic.

A source code patch exists which remedies this problem.</a>

035: SECURITY FIX: Nov 10, 2000

All architectures

Hostile servers can force OpenSSH clients to do agent or X11 forwarding.

Line 125

A source code patch exists which remedies this problem.</a>

034: RELIABILITY FIX: Nov 10, 2000

When running a sparc with a serial console, certain types of interrupts would

cause great grief.

A source code patch exists which remedies this problem.</a>

033: RELIABILITY FIX: Nov 6, 2000

All architectures

Invalid fields in the exec header could cause a crash.

A source code patch exists which remedies this problem.</a>

032: SECURITY FIX: Oct 26, 2000

All architectures

There are two possibly exploitable potential buffer overflows in the X11

Line 151

A source code patch exists which remedies this problem.</a>

031: SECURITY FIX: Oct 18, 2000

All architectures

Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt>

Line 162

A source code patch exists which remedies this problem.</a>

030: SECURITY FIX: Oct 10, 2000

All architectures

The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH

Line 171

A source code patch exists which remedies this problem.</a>

029: RELIABILITY FIX: Oct 9, 2000

All architectures

There is a non-exploitable buffer overflow in sendmail's test mode.

Line 179

A source code patch exists which remedies this problem.</a>

028: SECURITY FIX: Oct 6, 2000

All architectures

There are printf-style format string bugs in several privileged programs.

Line 187

A source code patch exists which remedies this problem.</a>

027: SECURITY FIX: Oct 6, 2000

All architectures

libcurses honored terminal descriptions in the $HOME/.terminfo directory

Line 197

A source code patch exists which remedies this problem.</a>

026: SECURITY FIX: Oct 6, 2000

All architectures

A format string vulnerability exists in talkd(8). It is not clear

Line 206

A source code patch exists which remedies this problem.</a>

025: SECURITY FIX: Oct 3, 2000

All architectures

A format string vulnerability exists in the pw_error(3) function. This

Line 218

A source code patch exists which remedies this problem.</a>

024: SECURITY FIX: Sep 18, 2000

All architectures

Bad ESP/AH packets could cause a crash under certain conditions.

A source code patch exists which remedies this problem.</a>

023: SECURITY FIX: Aug 16, 2000

All architectures

A format string vulnerability exists in xlock. As a workaround which disables

Line 236

A source code patch exists which remedies this problem.</a>

022: INSTALLATION FIX: July 14, 2000

The MacOS installer shipped with OpenBSD 2.7 does not correctly make all

Line 255

After doing this (and possibly installing one of the ssl27 packages),

reboot your machine and it will generate ssh keys correctly.

021: SECURITY FIX: July 14, 2000

All architectures

Various problems in X11 libraries have various side effects. We provide a

Line 287

ignore the build error. The whatis database will be rebuilt the next

time /etc/weekly runs.

020: KERNEL BUG: July 10, 2000

As originally shipped, the pmax port would fail to install due to

/kern/msgbuf bugs.

Line 301

A source code patch exists which remedies this problem.</a>

019: SECURITY FIX: July 5, 2000

All architectures

Just like pretty much all the other unix ftp daemons on the planet,

Line 311

A source code patch exists which remedies this problem.</a>

018: SECURITY FIX: July 5, 2000

All architectures

Mopd contained a buffer overflow.

Line 319

A source code patch exists which remedies this problem.</a>

017: INSTALLATION FIX: July 3, 2000

All architectures

The screen package shipped with 2.7 does not install itself properly. The

Line 330

A source code patch exists which remedies this problem.</a>

016: DRIVER BUG: July 2, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>

driver supporting various 3com cards, had a bug which prevented the multicast

Line 340

A source code patch exists which remedies this problem.</a>

015: DRIVER BUG: June 30, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ste&sektion=4">ste(4)</a>

driver supporting Ethernet cards based on the Sundance ST201 chipset

Line 350

A source code patch exists which remedies this problem.</a>

014: DRIVER BUG: June 30, 2000

The PC console driver (PCVT) has two bugs. Display problems can result if

reverse video mode is turned on or off twice in a row. This patch also

Line 361

A source code patch exists which remedies this problem.</a>

This is the second revision of the patch.

013: SECURITY FIX: June 28, 2000

All architectures

libedit would check for a .editrc file in the current directory.

Line 371

A source code patch exists which remedies this problem.</a>

012: SECURITY FIX: June 24, 2000

All architectures

A serious bug in dhclient(8) could allow strings from a malicious dhcp

Line 380

A source code patch exists which remedies this problem.</a>

011: DRIVER BUG: June 17, 2000

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>

Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents

Line 389

A source code patch exists which remedies this problem.</a>

010: CD DISTRIBUTION ERROR: June 15, 2000

On the 2.7 CD media, the amiga distribution contains two pairs of archives

files for installation, ie:

Line 412

the *.tar.gz versions.

The FTP area sets do not suffer from this problem.

009: SECURITY FIX: June 9, 2000

All architectures

A serious bug in isakmpd(8) policy handling wherein policy

Line 421

A source code patch exists which remedies this problem.</a>

008: RELIABILITY FIX: June 8, 2000

All architectures

Some operations in msdosfs could result in a system panic.

Line 429

A source code patch exists which remedies this problem.</a>

007: RELIABILITY FIX: June 8, 2000

All architectures

NFS exporting of CD filesystems caused a system panic.

Line 437

A source code patch exists which remedies this problem.</a>

006: SECURITY FIX: June 6, 2000

All architectures

The non-default UseLogin feature in /etc/sshd_config is broken and should not

be used. On other operating systems, it results in a hole.

Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.

005: RELIABILITY FIX: May 29, 2000

All architectures

Parse IPv4 options more carefully. It is not yet clear if this can even be used

Line 453

A source code patch exists which remedies this problem.</a>

004: RELIABILITY FIX: May 29, 2000

All architectures

Certain routing table modifications by the superuser could cause a system panic.

Line 461

A source code patch exists which remedies this problem.</a>

003: SECURITY FIX: May 26, 2000

All architectures

It is possible to bypass the learning flag on an interface if frames

Line 471

A source code patch exists which remedies this problem.</a>

002: DRIVER FIX: May 26, 2000

All architectures

The

Line 481

A source code patch exists which remedies this problem.</a>

001: SECURITY FIX: May 25, 2000

All architectures

A misuse of ipf(8)