www/errata28.html - diff

Return to errata28.html CVS log

Up to [local] / www

Diff for /www/errata28.html between version 1.64 and 1.65

-version 1.64, 2014/03/31 03:36:54
+version 1.65, 2014/03/31 04:11:40
 Line 175
 Line 175
 Line 175
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="userldt"></a>
+ <font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br>
+ The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="sudo"></a>
  <font color="#009000"><strong>021: SECURITY FIX: Feb 22, 2001</strong></font> &nbsp; <i>All architectures</i><br>
  There is an exploitable heap corruption bug in
-Line 215
+Line 221
 Line 215
 Line 221
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="pms"></a>
+ <font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
+ Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="xlock"></a>
  <font color="#009000"><strong>014: SECURITY FIX: Dec 22, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
-Line 240
+Line 252
 Line 240
 Line 252
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="imacdv"></a>
+ <font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
+ The IMac DV+ (and probably some other machines) incorrectly identify their video
+ hardware, but it is possible to work around the problem.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="hwcrypto"></a>
  <font color="#009000"><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The crypto subsystem could incorrectly fail to run certain software ciphers,
-Line 274
+Line 293
 Line 274
 Line 293
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
- <li><a name="ftpd"></a>
+ <li><a name="x_sun3"></a>
- <font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> &nbsp; <i>All architectures</i><br>
+ <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
+ The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
- A source code patch exists which remedies this problem.</a>
+ and
- You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
+ were not on the CD, and only available via FTP install.  These packages can be
+ added post-install by using the following command:
+ <pre>
+     # cd /; tar xvfpz xshare28.tgz
+     # cd /; tar xvfpz xfont28.tgz
+ </pre>
  <p>
- <li><a name="rijndael"></a>
- <font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> &nbsp; <i>All architectures</i><br>
- First off, AES (Rijndael) encryption and decryption were broken for IPsec
- and swap encryption.<br>
- Secondly, the AES code did not work properly on big endian machines.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
- A source code patch exists which remedies this problem.</a>
- This is the second revision of the patch.
- <p>
- <li><a name="skey"></a>
- <font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
- In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
- that kind of important.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
- A source code patch exists which remedies this problem.</a>
- </ul>
- <p>
- <a name="i386"></a>
- <h3><font color="#e00000">i386</font></h3>
- <ul>
- <li><a name="userldt"></a>
- <font color="#009000"><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br>
- The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
- <li><a name="pms"></a>
- <font color="#009000"><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
- Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
- A source code patch exists which remedies this problem.</a>
- <p>
  <li><a name="pcibios"></a>
  <font color="#009000"><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
  On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
-Line 330
+Line 323
 Line 330
 Line 323
      permanently.
      </ul>
  <p>
- </ul>
+ <li><a name="ftpd"></a>
+ <font color="#009000"><strong>005: SECURITY FIX: Dec 4, 2000</strong></font> &nbsp; <i>All architectures</i><br>
+ OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
+ A source code patch exists which remedies this problem.</a>
+ You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
  <p>
- <a name="mac68k"></a>
+ <li><a name="rijndael"></a>
- <h3><font color="#e00000">mac68k</font></h3>
+ <font color="#009000"><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font> &nbsp; <i>All architectures</i><br>
- <ul>
+ First off, AES (Rijndael) encryption and decryption were broken for IPsec
- <li><a name="x_mac68k"></a>
+ and swap encryption.<br>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
+ Secondly, the AES code did not work properly on big endian machines.<br>
- The X packages
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
+ A source code patch exists which remedies this problem.</a>
- and
+ This is the second revision of the patch.
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- </ul>
  <p>
- <a name="sparc"></a>
- <h3><font color="#e00000">sparc</font></h3>
- <ul>
- <li><a name="x_sparc"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- <p>
  <li><a name="qe"></a>
  <font color="#009000"><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
  Configuring a qec+qe causes a NMI panic.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
+ <li><a name="skey"></a>
+ <font color="#009000"><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
+ In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
+ that kind of important.<br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <li><a name="zsconsole"></a>
  <font color="#009000"><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
  When running a sparc with a serial console, certain types of interrupts would
  cause great grief.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
  A source code patch exists which remedies this problem.</a>
- </ul>
  <p>
- <a name="amiga"></a>
- <h3><font color="#e00000">amiga</font></h3>
- <ul>
- <li><a name="x_amiga"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
  </ul>
  <p>
- <a name="hp300"></a>
- <h3><font color="#e00000">hp300</font></h3>
- <ul>
- <li><a name="x_hp300"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following commands:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- </ul>
- <p>
- <a name="mvme68k"></a>
- <h3><font color="#e00000">mvme68k</font></h3>
- <ul>
- <li><a name="x_mvme68k"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following command:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- </ul>
- <p>
- <a name="powerpc"></a>
- <h3><font color="#e00000">powerpc</font></h3>
- <ul>
- <li><a name="imacdv"></a>
- <font color="#009000"><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
- The IMac DV+ (and probably some other machines) incorrectly identify their video
- hardware, but it is possible to work around the problem.<br>
- <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
- A source code patch exists which remedies this problem.</a>
- </ul>
- <p>
- <a name="sun3"></a>
- <h3><font color="#e00000">sun3</font></h3>
- <ul>
- <li><a name="x_sun3"></a>
- <font color="#009000"><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
- The X packages
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
- and
- <a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
- were not on the CD, and only available via FTP install.  These packages can be
- added post-install by using the following command:
- <pre>
-     # cd /; tar xvfpz xshare28.tgz
-     # cd /; tar xvfpz xfont28.tgz
- </pre>
- <p>
- </ul>
  </ul>