+
+
+004: RELIABILITY FIX: May 29, 2000
+ All architectures
+Certain routing table modifications by the superuser could cause a system panic.
+
+
A source code patch exists which remedies this problem.
-
-035: SECURITY FIX: Nov 10, 2000
+
+
+005: RELIABILITY FIX: May 29, 2000
All architectures
-Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
-This problem is fixed as of OpenSSH 2.3.0.
-
+Parse IPv4 options more carefully. It is not yet clear if this can even be used
+to crash the machine remote or locally.
+
+
A source code patch exists which remedies this problem.
-
-034: RELIABILITY FIX: Nov 10, 2000
-When running a sparc with a serial console, certain types of interrupts would
-cause great grief.
-
-A source code patch exists which remedies this problem.
+
+
+006: SECURITY FIX: June 6, 2000
+ All architectures
+The non-default UseLogin feature in /etc/sshd_config is broken and should not
+be used. On other operating systems, it results in a hole.
+Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-
-033: RELIABILITY FIX: Nov 6, 2000
+
+
+007: RELIABILITY FIX: June 8, 2000
All architectures
-Invalid fields in the exec header could cause a crash.
-
+NFS exporting of CD filesystems caused a system panic.
+
+
A source code patch exists which remedies this problem.
-
-032: SECURITY FIX: Oct 26, 2000
+
+
+008: RELIABILITY FIX: June 8, 2000
All architectures
-There are two possibly exploitable potential buffer overflows in the X11
-libraries using the xtrans code. One of these vulnerabilities was
-reported to the
-BUGTRAQ
-mailing list.
+Some operations in msdosfs could result in a system panic.
-
+
A source code patch exists which remedies this problem.
-
-031: SECURITY FIX: Oct 18, 2000
+
+
+009: SECURITY FIX: June 9, 2000
All architectures
-Apache has several bugs in mod_rewrite
and mod_vhost_alias
-that could cause arbitrary files accessible to the www user on the server
-to be exposed under certain configurations when these modules are used.
-(These modules are not active by default).
+A serious bug in isakmpd(8) policy handling wherein policy
+verification could be completely bypassed in isakmpd.
-
+
A source code patch exists which remedies this problem.
-
-030: SECURITY FIX: Oct 10, 2000
- All architectures
-The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
-and TERMCAP (when it starts with a '/') environment variables.
+
+
+010: CD DISTRIBUTION ERROR: June 15, 2000
+On the 2.7 CD media, the amiga distribution contains two pairs of archives
+files for installation, ie:
+
+-rw-r--r-- 1 root mirftp 20191465 Apr 29 14:27 base27.tar.gz
+-rw-r--r-- 1 root mirftp 20291753 May 13 19:33 base27.tgz
+-rw-r--r-- 1 root mirftp 13699507 Apr 29 14:26 comp27.tar.gz
+-rw-r--r-- 1 root mirftp 13748096 May 13 19:33 comp27.tgz
+-rw-r--r-- 1 root mirftp 1005376 Apr 29 14:26 etc27.tar.gz
+-rw-r--r-- 1 root mirftp 1010772 May 13 19:33 etc27.tgz
+-rw-r--r-- 1 root mirftp 2755567 Apr 29 14:26 game27.tar.gz
+-rw-r--r-- 1 root mirftp 2755624 May 13 19:33 game27.tgz
+-rw-r--r-- 1 root mirftp 5002872 Apr 29 14:26 man27.tar.gz
+-rw-r--r-- 1 root mirftp 5038896 May 13 19:33 man27.tgz
+-rw-r--r-- 1 root mirftp 1684356 Apr 29 14:26 misc27.tar.gz
+-rw-r--r-- 1 root mirftp 1684381 May 13 19:33 misc27.tgz
+
+The installation script will list ALL of these files. For proper
+operation one should install the *.tgz versions, and deselect
+the *.tar.gz versions.
+The FTP area sets do not suffer from this problem.
+
+
+
+011: DRIVER BUG: June 17, 2000
+The an(4)
+Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents
+ancontrol(8) from working correctly, instead causing a panic.
-
+
A source code patch exists which remedies this problem.
-
-029: RELIABILITY FIX: Oct 9, 2000
+
+
+012: SECURITY FIX: June 24, 2000
All architectures
-There is a non-exploitable buffer overflow in sendmail's test mode.
+A serious bug in dhclient(8) could allow strings from a malicious dhcp
+server to be executed in the shell as root.
-
+
A source code patch exists which remedies this problem.
-
-028: SECURITY FIX: Oct 6, 2000
+
+
+013: SECURITY FIX: June 28, 2000
All architectures
-There are printf-style format string bugs in several privileged programs.
+libedit would check for a .editrc file in the current directory.
+That behaviour is not nice; this does not turn into a security problem in
+any real world situation that we know of, but a patch is available anyways.
-
+
A source code patch exists which remedies this problem.
-
-027: SECURITY FIX: Oct 6, 2000
- All architectures
-libcurses honored terminal descriptions in the $HOME/.terminfo directory
-as well as in the TERMCAP environment variable for setuid and setgid
-applications.
+
+
+014: DRIVER BUG: June 30, 2000
+The PC console driver (PCVT) has two bugs. Display problems can result if
+reverse video mode is turned on or off twice in a row. This patch also
+fixes a problem with scrolling region handling that has been seen by many
+users trying to use the BitchX irc client with the screen program.
-
+
A source code patch exists which remedies this problem.
+This is the second revision of the patch.
-
-026: SECURITY FIX: Oct 6, 2000
- All architectures
-A format string vulnerability exists in talkd(8). It is not clear
-yet what the impact is.
+
+
+015: DRIVER BUG: June 30, 2000
+The ste(4)
+driver supporting Ethernet cards based on the Sundance ST201 chipset
+(i.e., the D-Link 550TX) has a bug which causes the machine to panic at
+boot-time.
-
+
A source code patch exists which remedies this problem.
-
-025: SECURITY FIX: Oct 3, 2000
+
+
+016: DRIVER BUG: July 2, 2000
+The xl(4)
+driver supporting various 3com cards, had a bug which prevented the multicast
+filter from working correctly on the 3c905B, thus preventing many IPv6 things
+from working.
+
+
+A source code patch exists which remedies this problem.
+
+
+
+017: INSTALLATION FIX: July 3, 2000
All architectures
-A format string vulnerability exists in the pw_error(3) function. This
-manifests itself as a security hole in the chpass utility. As a workaround
-which disables its functionality, do
-
-# chmod u-s /usr/bin/chpass
-
-
+The screen package shipped with 2.7 does not install itself properly. The
+existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
+screen-3.9.5.tgz.old and a replacement package has been provided under the
+name screen-3.9.5p1.tgz.
+
+
A source code patch exists which remedies this problem.
-
-024: SECURITY FIX: Sep 18, 2000
+
+
+018: SECURITY FIX: July 5, 2000
All architectures
-Bad ESP/AH packets could cause a crash under certain conditions.
-
+Mopd contained a buffer overflow.
+
+
A source code patch exists which remedies this problem.
-
-023: SECURITY FIX: Aug 16, 2000
+
+
+019: SECURITY FIX: July 5, 2000
All architectures
-A format string vulnerability exists in xlock. As a workaround which disables
-its functionality, do
-
-# chmod u-s /usr/X11R6/bin/xlock
-
-
+Just like pretty much all the other unix ftp daemons on the planet,
+ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
+The problem exists if anonymous ftp is enabled.
+
+
A source code patch exists which remedies this problem.
-
-022: INSTALLATION FIX: July 14, 2000
+
+
+020: KERNEL BUG: July 10, 2000
+As originally shipped, the pmax port would fail to install due to
+/kern/msgbuf bugs.
+The necessary fixes have been merged,
+and the binaries needed re-released on the FTP site.
+However, the 2.7 srcsys.tar.gz file has not been updated.
+If you recompile a kernel, you should use either the
+stable release source tree or apply the
+provided patch to a 2.7 source tree.
-The MacOS installer shipped with OpenBSD 2.7 does not correctly make all
-devices, specifically it does not make the /dev/arandom
device
-needed for the userland crypto such as ssh to work. The problem shows itself
-when ssh-keygen fails to make RSA or DSA keys, resulting in messages like
-RSA-generate_keys failed or DSA-generate_keys failed.
-
-To work around this, once your machine is up and running run the following
-commands as root:
-
-# cd /dev
-# ./MAKEDEV arandom
-
+
+A source code patch exists which remedies this problem.
-After doing this (and possibly installing one of the ssl27 packages),
-reboot your machine and it will generate ssh keys correctly.
-
+
021: SECURITY FIX: July 14, 2000
All architectures
@@ -290,208 +340,197 @@
ignore the build error. The whatis database will be rebuilt the next
time /etc/weekly runs.
-
-020: KERNEL BUG: July 10, 2000
-As originally shipped, the pmax port would fail to install due to
-/kern/msgbuf bugs.
-The necessary fixes have been merged,
-and the binaries needed re-released on the FTP site.
-However, the 2.7 srcsys.tar.gz file has not been updated.
-If you recompile a kernel, you should use either the
-stable release source tree or apply the
-provided patch to a 2.7 source tree.
+
+
+022: INSTALLATION FIX: July 14, 2000
-
-A source code patch exists which remedies this problem.
+The MacOS installer shipped with OpenBSD 2.7 does not correctly make all
+devices, specifically it does not make the /dev/arandom
device
+needed for the userland crypto such as ssh to work. The problem shows itself
+when ssh-keygen fails to make RSA or DSA keys, resulting in messages like
+RSA-generate_keys failed or DSA-generate_keys failed.
+
+To work around this, once your machine is up and running run the following
+commands as root:
+
+# cd /dev
+# ./MAKEDEV arandom
+
-
-019: SECURITY FIX: July 5, 2000
+After doing this (and possibly installing one of the ssl27 packages),
+reboot your machine and it will generate ssh keys correctly.
+
+
+
+023: SECURITY FIX: Aug 16, 2000
All architectures
-Just like pretty much all the other unix ftp daemons on the planet,
-ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
-The problem exists if anonymous ftp is enabled.
-
-
+A format string vulnerability exists in xlock. As a workaround which disables
+its functionality, do
+
+# chmod u-s /usr/X11R6/bin/xlock
+
+
A source code patch exists which remedies this problem.
-
-018: SECURITY FIX: July 5, 2000
+
+
+024: SECURITY FIX: Sep 18, 2000
All architectures
-Mopd contained a buffer overflow.
-
-
+Bad ESP/AH packets could cause a crash under certain conditions.
+
A source code patch exists which remedies this problem.
-
-017: INSTALLATION FIX: July 3, 2000
+
+
+025: SECURITY FIX: Oct 3, 2000
All architectures
-The screen package shipped with 2.7 does not install itself properly. The
-existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
-screen-3.9.5.tgz.old and a replacement package has been provided under the
-name screen-3.9.5p1.tgz.
-
-
+A format string vulnerability exists in the pw_error(3) function. This
+manifests itself as a security hole in the chpass utility. As a workaround
+which disables its functionality, do
+
+# chmod u-s /usr/bin/chpass
+
+
A source code patch exists which remedies this problem.
-
-016: DRIVER BUG: July 2, 2000
-The xl(4)
-driver supporting various 3com cards, had a bug which prevented the multicast
-filter from working correctly on the 3c905B, thus preventing many IPv6 things
-from working.
+
+
+026: SECURITY FIX: Oct 6, 2000
+ All architectures
+A format string vulnerability exists in talkd(8). It is not clear
+yet what the impact is.
-
+
A source code patch exists which remedies this problem.
-
-015: DRIVER BUG: June 30, 2000
-The ste(4)
-driver supporting Ethernet cards based on the Sundance ST201 chipset
-(i.e., the D-Link 550TX) has a bug which causes the machine to panic at
-boot-time.
+
+
+027: SECURITY FIX: Oct 6, 2000
+ All architectures
+libcurses honored terminal descriptions in the $HOME/.terminfo directory
+as well as in the TERMCAP environment variable for setuid and setgid
+applications.
-
+
A source code patch exists which remedies this problem.
-
-014: DRIVER BUG: June 30, 2000
-The PC console driver (PCVT) has two bugs. Display problems can result if
-reverse video mode is turned on or off twice in a row. This patch also
-fixes a problem with scrolling region handling that has been seen by many
-users trying to use the BitchX irc client with the screen program.
+
+
+028: SECURITY FIX: Oct 6, 2000
+ All architectures
+There are printf-style format string bugs in several privileged programs.
-
+
A source code patch exists which remedies this problem.
-This is the second revision of the patch.
-
-013: SECURITY FIX: June 28, 2000
+
+
+029: RELIABILITY FIX: Oct 9, 2000
All architectures
-libedit would check for a .editrc file in the current directory.
-That behaviour is not nice; this does not turn into a security problem in
-any real world situation that we know of, but a patch is available anyways.
+There is a non-exploitable buffer overflow in sendmail's test mode.
-
+
A source code patch exists which remedies this problem.
-
-012: SECURITY FIX: June 24, 2000
+
+
+030: SECURITY FIX: Oct 10, 2000
All architectures
-A serious bug in dhclient(8) could allow strings from a malicious dhcp
-server to be executed in the shell as root.
+The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
+and TERMCAP (when it starts with a '/') environment variables.
-
+
A source code patch exists which remedies this problem.
-
-011: DRIVER BUG: June 17, 2000
-The an(4)
-Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents
-ancontrol(8) from working correctly, instead causing a panic.
+
+
+031: SECURITY FIX: Oct 18, 2000
+ All architectures
+Apache has several bugs in mod_rewrite
and mod_vhost_alias
+that could cause arbitrary files accessible to the www user on the server
+to be exposed under certain configurations when these modules are used.
+(These modules are not active by default).
-
+
A source code patch exists which remedies this problem.
-
-010: CD DISTRIBUTION ERROR: June 15, 2000
-On the 2.7 CD media, the amiga distribution contains two pairs of archives
-files for installation, ie:
-
--rw-r--r-- 1 root mirftp 20191465 Apr 29 14:27 base27.tar.gz
--rw-r--r-- 1 root mirftp 20291753 May 13 19:33 base27.tgz
--rw-r--r-- 1 root mirftp 13699507 Apr 29 14:26 comp27.tar.gz
--rw-r--r-- 1 root mirftp 13748096 May 13 19:33 comp27.tgz
--rw-r--r-- 1 root mirftp 1005376 Apr 29 14:26 etc27.tar.gz
--rw-r--r-- 1 root mirftp 1010772 May 13 19:33 etc27.tgz
--rw-r--r-- 1 root mirftp 2755567 Apr 29 14:26 game27.tar.gz
--rw-r--r-- 1 root mirftp 2755624 May 13 19:33 game27.tgz
--rw-r--r-- 1 root mirftp 5002872 Apr 29 14:26 man27.tar.gz
--rw-r--r-- 1 root mirftp 5038896 May 13 19:33 man27.tgz
--rw-r--r-- 1 root mirftp 1684356 Apr 29 14:26 misc27.tar.gz
--rw-r--r-- 1 root mirftp 1684381 May 13 19:33 misc27.tgz
-
-The installation script will list ALL of these files. For proper
-operation one should install the *.tgz versions, and deselect
-the *.tar.gz versions.
-The FTP area sets do not suffer from this problem.
-
-
-009: SECURITY FIX: June 9, 2000
+
+
+032: SECURITY FIX: Oct 26, 2000
All architectures
-A serious bug in isakmpd(8) policy handling wherein policy
-verification could be completely bypassed in isakmpd.
+There are two possibly exploitable potential buffer overflows in the X11
+libraries using the xtrans code. One of these vulnerabilities was
+reported to the
+BUGTRAQ
+mailing list.
-
+
A source code patch exists which remedies this problem.
-
-008: RELIABILITY FIX: June 8, 2000
+
+
+033: RELIABILITY FIX: Nov 6, 2000
All architectures
-Some operations in msdosfs could result in a system panic.
-
-
+Invalid fields in the exec header could cause a crash.
+
A source code patch exists which remedies this problem.
-
-007: RELIABILITY FIX: June 8, 2000
- All architectures
-NFS exporting of CD filesystems caused a system panic.
-
-
+
+
+034: RELIABILITY FIX: Nov 10, 2000
+When running a sparc with a serial console, certain types of interrupts would
+cause great grief.
+
A source code patch exists which remedies this problem.
-
-006: SECURITY FIX: June 6, 2000
+
+
+035: SECURITY FIX: Nov 10, 2000
All architectures
-The non-default UseLogin feature in /etc/sshd_config is broken and should not
-be used. On other operating systems, it results in a hole.
-Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
+Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
+This problem is fixed as of OpenSSH 2.3.0.
+
+A source code patch exists which remedies this problem.
-
-005: RELIABILITY FIX: May 29, 2000
- All architectures
-Parse IPv4 options more carefully. It is not yet clear if this can even be used
-to crash the machine remote or locally.
-
-
+
+
+036: RELIABILITY FIX: Nov 17, 2000
+Configuring a qec+qe causes a NMI panic.
+
A source code patch exists which remedies this problem.
-
-004: RELIABILITY FIX: May 29, 2000
+
+
+037: SECURITY FIX: Dec 4, 2000
All architectures
-Certain routing table modifications by the superuser could cause a system panic.
-
-
+OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
+
A source code patch exists which remedies this problem.
-
-003: SECURITY FIX: May 26, 2000
+
+
+039: SECURITY FIX: Feb 22, 2001
All architectures
-It is possible to bypass the learning flag on an interface if frames
-go directly to the machine acting as a
-bridge.
+There is an exploitable heap corruption bug in
+sudo.
-
+
A source code patch exists which remedies this problem.
-
-002: DRIVER FIX: May 26, 2000
+
+
+040: SECURITY FIX: Mar 18, 2001
All architectures
-The
-ef(4)
-driver will complain when adding an address with ifconfig
-(ifconfig: SIOCAIFADDR: Invalid argument).
-
+The readline library shipped with OpenBSD allows history files creation
+with a permissive
+umask(2).
+This can lead to the leakage of sensitive information in applications
+that use passwords and the like during user interaction (one such
+application is mysql). Additionally, if the HOME environment variable
+is not set, the current working directory is used; this patch disables
+the history file if HOME is not set.
+
A source code patch exists which remedies this problem.
-
-
-001: SECURITY FIX: May 25, 2000
- All architectures
-A misuse of ipf(8)
-keep-state rules can result in firewall rules being bypassed.
-
-A source code patch exists which remedies this problem.
-It updates ipf to version 3.3.16.