www/errata28.html - diff

Return to errata28.html CVS log

Up to [local] / www

Diff for /www/errata28.html between version 1.32 and 1.33

version 1.32, 2003/10/24 22:12:40

version 1.33, 2003/11/21 16:55:16

Line 8

</head>

Line 50

Line 51

consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.

<hr>

<dl>

<h3>All architectures</h3>

<li><h3>All architectures</h3>

<ul>

<li>033: SECURITY FIX: September 11, 2001

033: SECURITY FIX: September 11, 2001

A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a>

that may allow an attacker to run arbitrary commands as user uucp and

use this to gain root access.

Line 66

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/033_uucp.patch">A source code patch exists which remedies the problem</a>

<li>032: SECURITY FIX: August 29, 2001

032: SECURITY FIX: August 29, 2001

A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>

that may allow an attacker with line printer access to gain root

privileges. A machine must be running lpd to be vulnerable (OpenBSD

Line 77

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/032_lpd.patch">A source code patch exists which remedies the problem</a>

<li>031: SECURITY FIX: August 21, 2001

031: SECURITY FIX: August 21, 2001

A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>

that may allow an attacker on the local host to gain root privileges by

specifying out-of-bounds debug parameters.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/031_sendmail.patch">A source code patch exists which remedies the problem</a>

<li>030: SECURITY FIX: June 15, 2001

030: SECURITY FIX: June 15, 2001

A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch">A source code patch exists which remedies the problem</a>.

<li>029: SECURITY FIX: May 30, 2001

029: SECURITY FIX: May 30, 2001

Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a>

routines (such as rm, find, and most programs that take a -R

flag) can be tricked into changing into the wrong directory if the

Line 103

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/029_fts.patch">A source code patch exists which remedies the problem</a>.

This is the second version of the patch.

<li>028: SECURITY FIX: May 29, 2001

028: SECURITY FIX: May 29, 2001

The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sen

dmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the

context of a signal handler. This leads to potentially serious

Line 112

and can only be exploited on the local host (if at all).

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/028_sendmail.patch">A source code patch exists</a> which remedies the problem by updating sendmail to version 8.11.4.

<li>027: SECURITY FIX: Apr 23, 2001

027: SECURITY FIX: Apr 23, 2001

IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">A source code patch exists which remedies the problem.</a>

<li>026: SECURITY FIX: Apr 23, 2001

026: SECURITY FIX: Apr 23, 2001

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">ftpd(8)</a> has a potential DoS related to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">A source code patch exists which remedies the problem.</a>

<li>025: SECURITY FIX: Apr 10, 2001

025: SECURITY FIX: Apr 10, 2001

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a> contains multiple buffer overflows.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch">A source code patch exists which remedies the problem.</a>

<li>024: SECURITY FIX: Mar 18, 2001

024: SECURITY FIX: Mar 18, 2001

The readline library shipped with OpenBSD allows history files creation

with a permissive

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>.

Line 137

application is mysql).

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">A source code patch exists which remedies the problem.</a>

<li>023: SECURITY FIX: Mar 2, 2001

023: SECURITY FIX: Mar 2, 2001

Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">A source code patch exists which remedies the problem.</a>

<li>021: SECURITY FIX: Feb 22, 2001

021: SECURITY FIX: Feb 22, 2001

There is an exploitable heap corruption bug in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">A source code patch exists which remedies the problem.</a>

<li>020: IMPLEMENTATION FIX: Feb 15, 2001

020: IMPLEMENTATION FIX: Feb 15, 2001

Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpd&sektion=8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">A source code patch exists which remedies the problem.</a>

<li>019: IMPLEMENTATION FIX: Jan 31, 2001

019: IMPLEMENTATION FIX: Jan 31, 2001

Fix memory allocation in the PCI LANCE driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le</a>. A side effect of this is that OpenBSD under VMWare now works again.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">A source code patch exists which remedies the problem.</a>

<li>018: SECURITY FIX: Jan 29, 2001

018: SECURITY FIX: Jan 29, 2001

Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named</a>

with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears

that these were already impossible to exploit beforehand).

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">A source code patch exists which remedies the problem.</a>

<li>017: SECURITY FIX: Jan 22, 2001

017: SECURITY FIX: Jan 22, 2001

The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">A source code patch exists which remedies the problem.</a>

<li>016: RELIABILITY FIX: Jan 4, 2001

016: RELIABILITY FIX: Jan 4, 2001

Allow ThunderLAN cards to share interrupts nicely.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">A source code patch exists which remedies the problem.</a>

<li>014: SECURITY FIX: Dec 22, 2000

014: SECURITY FIX: Dec 22, 2000

Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">A source code patch exists which remedies the problem.</a>

Line 194

<li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>

</ul>

<li>013: SECURITY FIX: Dec 18, 2000

013: SECURITY FIX: Dec 18, 2000

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">A source code patch exists which remedies the problem.</a>

<li>011: RELIABILITY FIX: Dec 13, 2000

011: RELIABILITY FIX: Dec 13, 2000

The crypto subsystem could incorrectly fail to run certain software ciphers,

if a hardware card existed in the machine.

A source code patch exists which remedies the problem.</a>

<li>010: RELIABILITY FIX: Dec 11, 2000

010: RELIABILITY FIX: Dec 11, 2000

A crash could occur during fast routing, if IPSEC was enabled.

A source code patch exists which remedies the problem.</a>

<li>009: SECURITY FIX: Dec 10, 2000

009: SECURITY FIX: Dec 10, 2000

Another problem exists in the Kerberos libraries.

A source code patch exists which remedies the problem.</a>

<li>008: SECURITY FIX: Dec 7, 2000

008: SECURITY FIX: Dec 7, 2000

Two problems have recently been discovered in the KerberosIV code.

1. A symlink problem was discovered in the KerberosIV password checking

routines /usr/bin/su and /usr/bin/login, which makes it possible for a

Line 233

A source code patch exists which remedies the problem.</a>

<li>005: SECURITY FIX: Dec 4, 2000

005: SECURITY FIX: Dec 4, 2000

OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.

A source code patch exists which remedies the problem.</a>

You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.

<li>004: RELIABILITY FIX: Nov 17, 2000

004: RELIABILITY FIX: Nov 17, 2000

First off, AES (Rijndael) encryption and decryption were broken for IPsec

and swap encryption.

Secondly, the AES code did not work properly on big endian machines.

Line 255

A source code patch exists which remedies this problem.</a>

</ul>

<ul>

<li>022: SECURITY FIX: Mar 2, 2001

022: SECURITY FIX: Mar 2, 2001

The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">A source code patch exists which remedies the problem.</a>

<li>015: STABILITY FIX: Dec 22, 2000

015: STABILITY FIX: Dec 22, 2000

Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">A source code patch exists which remedies this problem.</a>

<li>006: STABILITY FIX: Dec 4, 2000

006: STABILITY FIX: Dec 4, 2000

On some machines, a PCIBIOS device driver interrupt allocation bug can cause a

kernel hang while probing PCI devices. If you have this symptom, you can disable

PCIBIOS as a workaround. To do this,

Line 287

</ul>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following commands:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

</ul>

<li><h3>sparc</h3>

<h3>sparc</h3>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following commands:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

<li>003: RELIABILITY FIX: Nov 17, 2000

003: RELIABILITY FIX: Nov 17, 2000

Configuring a qec+qe causes a NMI panic.

A source code patch exists which remedies this problem.</a>

<li>001: RELIABILITY FIX: Nov 10, 2000

001: RELIABILITY FIX: Nov 10, 2000

When running a sparc with a serial console, certain types of interrupts would

cause great grief.

A source code patch exists which remedies this problem.</a>

</ul>

<li><h3>amiga</h3>

<h3>amiga</h3>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following commands:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

</ul>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following commands:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

</ul>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following command:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

</ul>

<li><h3>powerpc</h3>

<h3>powerpc</h3>

<ul>

<li>012: INSTALL PROBLEM: Dec 14, 2000

012: INSTALL PROBLEM: Dec 14, 2000

The IMac DV+ (and probably some other machines) incorrectly identify their video

hardware, but it is possible to work around the problem.

A source code patch exists which remedies the problem.</a>

</ul>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>007: INSTALL PROBLEM: Dec 4, 2000

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following command:

<pre>

# cd /; tar xvfpz xshare28.tgz

# cd /; tar xvfpz xfont28.tgz

</pre></tt>

</pre>

</ul>

</dl>

<hr>