===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v
retrieving revision 1.64
retrieving revision 1.65
diff -c -r1.64 -r1.65
*** www/errata28.html	2014/03/31 03:36:54	1.64
--- www/errata28.html	2014/03/31 04:11:40	1.65
***************
*** 175,180 ****
--- 175,186 ----
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="userldt"></a>
+ <font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br>
+ The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="sudo"></a>
  <font color="#009000"><strong>021: SECURITY FIX: Feb 22, 2001</strong></font> &nbsp; <i>All architectures</i><br>
  There is an exploitable heap corruption bug in
***************
*** 215,220 ****
--- 221,232 ----
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="pms"></a>
+ <font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
+ Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="xlock"></a>
  <font color="#009000"><strong>014: SECURITY FIX: Dec 22, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
***************
*** 240,245 ****
--- 252,264 ----
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="imacdv"></a>
+ <font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
+ The IMac DV+ (and probably some other machines) incorrectly identify their video
+ hardware, but it is possible to work around the problem.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="hwcrypto"></a>
  <font color="#009000"><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The crypto subsystem could incorrectly fail to run certain software ciphers,
***************
*** 274,318 ****
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li><a name="ftpd"></a>
! <font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> &nbsp; <i>All architectures</i><br>
! OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
! A source code patch exists which remedies this problem.</a>
! You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
  <p>
- <li><a name="rijndael"></a>
- <font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> &nbsp; <i>All architectures</i><br>
- First off, AES (Rijndael) encryption and decryption were broken for IPsec
- and swap encryption.<br>
- Secondly, the AES code did not work properly on big endian machines.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
- A source code patch exists which remedies this problem.</a>
- This is the second revision of the patch.
- <p>
- <li><a name="skey"></a>
- <font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
- In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
- that kind of important.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
- A source code patch exists which remedies this problem.</a>
- </ul>
- <p>
- <a name="i386"></a>
- <h3><font color="#e00000">i386</font></h3>
- <ul>
- <li><a name="userldt"></a>
- <font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br>
- The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- <li><a name="pms"></a>
- <font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
- Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
  <li><a name="pcibios"></a>
  <font color="#009000"><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
  On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
--- 293,311 ----
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
! <li><a name="x_sun3"></a>
! <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
! The X packages
! <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
! and
! <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
! were not on the CD, and only available via FTP install.  These packages can be
! added post-install by using the following command:
! <pre>
!     # cd /; tar xvfpz xshare28.tgz
!     # cd /; tar xvfpz xfont28.tgz
! </pre>
  <p>
  <li><a name="pcibios"></a>
  <font color="#009000"><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
  On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
***************
*** 330,463 ****
      permanently.
      </ul>
  <p>
! </ul>
  <p>
! <a name="mac68k"></a>
! <h3><font color="#e00000">mac68k</font></h3>
! <ul>
! <li><a name="x_mac68k"></a>
! <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
! The X packages
! <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
! and
! <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
! were not on the CD, and only available via FTP install.  These packages can be
! added post-install by using the following commands:
! <pre>
!     # cd /; tar xvfpz xshare28.tgz
!     # cd /; tar xvfpz xfont28.tgz
! </pre>
! </ul>
  <p>
- <a name="sparc"></a>
- <h3><font color="#e00000">sparc</font></h3>
- <ul>
- <li><a name="x_sparc"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- <p>
  <li><a name="qe"></a>
  <font color="#009000"><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
  Configuring a qec+qe causes a NMI panic.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="zsconsole"></a>
  <font color="#009000"><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
  When running a sparc with a serial console, certain types of interrupts would
  cause great grief.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
  A source code patch exists which remedies this problem.</a>
- </ul>
  <p>
- <a name="amiga"></a>
- <h3><font color="#e00000">amiga</font></h3>
- <ul>
- <li><a name="x_amiga"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
  </ul>
  <p>
- <a name="hp300"></a>
- <h3><font color="#e00000">hp300</font></h3>
- <ul>
- <li><a name="x_hp300"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- </ul>
- <p>
- <a name="mvme68k"></a>
- <h3><font color="#e00000">mvme68k</font></h3>
- <ul>
- <li><a name="x_mvme68k"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following command:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- </ul>
- <p>
- <a name="powerpc"></a>
- <h3><font color="#e00000">powerpc</font></h3>
- <ul>
- <li><a name="imacdv"></a>
- <font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
- The IMac DV+ (and probably some other machines) incorrectly identify their video
- hardware, but it is possible to work around the problem.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
- A source code patch exists which remedies this problem.</a>
- </ul>
- <p>
- <a name="sun3"></a>
- <h3><font color="#e00000">sun3</font></h3>
- <ul>
- <li><a name="x_sun3"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following command:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- <p>
- </ul>
  
  </ul>
  
--- 323,366 ----
      permanently.
      </ul>
  <p>
! <li><a name="ftpd"></a>
! <font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> &nbsp; <i>All architectures</i><br>
! OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
! A source code patch exists which remedies this problem.</a>
! You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
  <p>
! <li><a name="rijndael"></a>
! <font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> &nbsp; <i>All architectures</i><br>
! First off, AES (Rijndael) encryption and decryption were broken for IPsec
! and swap encryption.<br>
! Secondly, the AES code did not work properly on big endian machines.<br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
! A source code patch exists which remedies this problem.</a>
! This is the second revision of the patch.
  <p>
  <li><a name="qe"></a>
  <font color="#009000"><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
  Configuring a qec+qe causes a NMI panic.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="skey"></a>
+ <font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
+ In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
+ that kind of important.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="zsconsole"></a>
  <font color="#009000"><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
  When running a sparc with a serial console, certain types of interrupts would
  cause great grief.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  
  </ul>