version 1.64, 2014/03/31 03:36:54 |
version 1.65, 2014/03/31 04:11:40 |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="userldt"></a> |
|
<font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br> |
|
The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default. |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
<li><a name="sudo"></a> |
<li><a name="sudo"></a> |
<font color="#009000"><strong>021: SECURITY FIX: Feb 22, 2001</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>021: SECURITY FIX: Feb 22, 2001</strong></font> <i>All architectures</i><br> |
There is an exploitable heap corruption bug in |
There is an exploitable heap corruption bug in |
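Review bot: The 022 USER_LDT entry placed between the ip_ah and sudo items has no platform marker on its heading line, while the neighbouring entries carry `<i>All architectures</i>` and its patch lives under `patches/2.8/i386/`. Once the item sits in the combined list, a reader can no longer tell that it is i386-specific, so add a marker such as `<i>i386</i>` after the closing `</font>`. Also confirm the link against the FTP tree: the anchor is `userldt` but the linked file is `022_userltd.patch`; if that is the file's real name, leave the URL alone.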
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="pms"></a> |
|
<font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br> |
|
Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
<li><a name="xlock"></a> |
<li><a name="xlock"></a> |
<font color="#009000"><strong>014: SECURITY FIX: Dec 22, 2000</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>014: SECURITY FIX: Dec 22, 2000</strong></font> <i>All architectures</i><br> |
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br> |
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="imacdv"></a> |
|
<font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br> |
|
The IMac DV+ (and probably some other machines) incorrectly identify their video |
|
hardware, but it is possible to work around the problem.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
<li><a name="hwcrypto"></a> |
<li><a name="hwcrypto"></a> |
<font color="#009000"><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font> <i>All architectures</i><br> |
The crypto subsystem could incorrectly fail to run certain software ciphers, |
The crypto subsystem could incorrectly fail to run certain software ciphers, |
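Review bot: In the 012 imacdv entry, "The IMac DV+ (and probably some other machines) incorrectly identify their video hardware" has a subject/verb mismatch and an unusual capitalisation of the product name. Since the text is being relocated anyway, consider "The iMac DV+ (and probably some other machines) incorrectly identifies its video hardware". The entry also says the problem can be worked around but only links the patch, so state the workaround or drop that clause.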
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="ftpd"></a> |
<li><a name="x_sun3"></a> |
<font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br> |
The X packages |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a> |
A source code patch exists which remedies this problem.</a> |
and |
You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following command: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
<p> |
<p> |
<li><a name="rijndael"></a> |
|
<font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> <i>All architectures</i><br> |
|
First off, AES (Rijndael) encryption and decryption were broken for IPsec |
|
and swap encryption.<br> |
|
Secondly, the AES code did not work properly on big endian machines.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
This is the second revision of the patch. |
|
<p> |
|
<li><a name="skey"></a> |
|
<font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> <i>All architectures</i><br> |
|
In ssh(1), skey support for SSH1 protocol was broken. Some people might consider |
|
that kind of important.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
</ul> |
|
<p> |
|
<a name="i386"></a> |
|
<h3><font color="#e00000">i386</font></h3> |
|
<ul> |
|
<li><a name="userldt"></a> |
|
<font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br> |
|
The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default. |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
<li><a name="pms"></a> |
|
<font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br> |
|
Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
<li><a name="pcibios"></a> |
<li><a name="pcibios"></a> |
<font color="#009000"><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br> |
<font color="#009000"><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br> |
On some machines, a PCIBIOS device driver interrupt allocation bug can cause a |
On some machines, a PCIBIOS device driver interrupt allocation bug can cause a |
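Review bot: The 007 INSTALL PROBLEM entry that now follows the 008 kerberos item keeps only the `x_sun3` anchor and the `2.8/sun3/` links for xshare28.tgz and xfont28.tgz, yet the same erratum appears elsewhere in this diff for mac68k, sparc, amiga, hp300 and mvme68k, each with its own download path. If this is meant to be the single merged entry, name the affected architectures in the text and link each platform's sets (or describe the path generically), otherwise readers on the other platforms are pointed at the sun3 sets. Two smaller points in the same entry: "the following command:" introduces two commands, and `cd /; tar xvfpz xshare28.tgz` only works if the set was saved in `/`, which the text never says.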
|
|
permanently. |
permanently. |
</ul> |
</ul> |
<p> |
<p> |
</ul> |
<li><a name="ftpd"></a> |
|
<font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> <i>All architectures</i><br> |
|
OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here. |
<p> |
<p> |
<a name="mac68k"></a> |
<li><a name="rijndael"></a> |
<h3><font color="#e00000">mac68k</font></h3> |
<font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> <i>All architectures</i><br> |
<ul> |
First off, AES (Rijndael) encryption and decryption were broken for IPsec |
<li><a name="x_mac68k"></a> |
and swap encryption.<br> |
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
Secondly, the AES code did not work properly on big endian machines.<br> |
The X packages |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a> |
A source code patch exists which remedies this problem.</a> |
and |
This is the second revision of the patch. |
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following commands: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
</ul> |
|
<p> |
<p> |
<a name="sparc"></a> |
|
<h3><font color="#e00000">sparc</font></h3> |
|
<ul> |
|
<li><a name="x_sparc"></a> |
|
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
|
The X packages |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a> |
|
and |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following commands: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
<p> |
|
<li><a name="qe"></a> |
<li><a name="qe"></a> |
<font color="#009000"><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br> |
<font color="#009000"><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br> |
Configuring a qec+qe causes a NMI panic.<br> |
Configuring a qec+qe causes a NMI panic.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
<li><a name="skey"></a> |
|
<font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> <i>All architectures</i><br> |
|
In ssh(1), skey support for SSH1 protocol was broken. Some people might consider |
|
that kind of important.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
<li><a name="zsconsole"></a> |
<li><a name="zsconsole"></a> |
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br> |
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br> |
When running a sparc with a serial console, certain types of interrupts would |
When running a sparc with a serial console, certain types of interrupts would |
cause great grief.<br> |
cause great grief.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
</ul> |
|
<p> |
<p> |
<a name="amiga"></a> |
|
<h3><font color="#e00000">amiga</font></h3> |
|
<ul> |
|
<li><a name="x_amiga"></a> |
|
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
|
The X packages |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a> |
|
and |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following commands: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
</ul> |
</ul> |
<p> |
<p> |
<a name="hp300"></a> |
|
<h3><font color="#e00000">hp300</font></h3> |
|
<ul> |
|
<li><a name="x_hp300"></a> |
|
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
|
The X packages |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a> |
|
and |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following commands: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
</ul> |
|
<p> |
|
<a name="mvme68k"></a> |
|
<h3><font color="#e00000">mvme68k</font></h3> |
|
<ul> |
|
<li><a name="x_mvme68k"></a> |
|
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
|
The X packages |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a> |
|
and |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following command: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
</ul> |
|
<p> |
|
<a name="powerpc"></a> |
|
<h3><font color="#e00000">powerpc</font></h3> |
|
<ul> |
|
<li><a name="imacdv"></a> |
|
<font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br> |
|
The IMac DV+ (and probably some other machines) incorrectly identify their video |
|
hardware, but it is possible to work around the problem.<br> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch"> |
|
A source code patch exists which remedies this problem.</a> |
|
</ul> |
|
<p> |
|
<a name="sun3"></a> |
|
<h3><font color="#e00000">sun3</font></h3> |
|
<ul> |
|
<li><a name="x_sun3"></a> |
|
<font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br> |
|
The X packages |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a> |
|
and |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a> |
|
were not on the CD, and only available via FTP install. These packages can be |
|
added post-install by using the following command: |
|
<pre> |
|
# cd /; tar xvfpz xshare28.tgz |
|
# cd /; tar xvfpz xfont28.tgz |
|
</pre> |
|
<p> |
|
</ul> |
|
|
|
</ul> |
</ul> |
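Review bot: Inbound links to the per-architecture fragments will stop resolving. As far as the side-by-side lines show, the `<a name="mac68k">`, `sparc`, `amiga`, `hp300`, `mvme68k`, `powerpc` and `sun3` anchors go away together with `x_mac68k`, `x_sparc`, `x_amiga`, `x_hp300` and `x_mvme68k`; consider keeping empty `<a name="...">` targets on the merged entries. The 003 qe entry also loses its context: "Configuring a qec+qe causes a NMI panic." no longer sits under a sparc heading and its heading line has no platform marker, so add one. With several `</ul>` and `<ul>` lines removed across this region, run the resulting page through an HTML validator to confirm the list nesting still balances.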
|
|