www/errata28.html - diff

Return to errata28.html CVS log

Up to [local] / www

Diff for /www/errata28.html between version 1.83 and 1.84

version 1.83, 2016/08/15 02:22:06

version 1.84, 2016/10/16 19:11:29

Line 70

<hr>

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

Line 97

some UUCP commands are run as root (and daemon) from cron it is possible

to leverage compromise of the UUCP user to gain root.

A source code patch exists which remedies this problem.</a>

Line 110

access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)

may be used to mount an attack.

A source code patch exists which remedies this problem.</a>

Line 120

that may allow an attacker on the local host to gain root privileges by

specifying out-of-bounds debug parameters.

A source code patch exists which remedies this problem.</a>

Line 128

All architectures

A race condition exists in the kernel <a href="http://man.openbsd.org/?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://man.openbsd.org/?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process.

A source code patch exists which remedies this problem.</a>

Line 140

parent dir is changed out from underneath it. This is similar to

the old fts bug but happens when popping out of directories, as

opposed to descending into them.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 152

context of a signal handler. This leads to potentially serious

race conditions. At the moment this is a theoretical attack only

and can only be exploited on the local host (if at all).

A source code patch exists which remedies this problem.</a>

It updates sendmail to version 8.11.4.

Line 160

027: SECURITY FIX: Apr 23, 2001

All architectures

IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".

A source code patch exists which remedies this problem.</a>

026: SECURITY FIX: Apr 23, 2001

All architectures

<a href="http://man.openbsd.org/?query=glob&sektion=3">ftpd(8)</a> has a potential DoS related to <a href="http://man.openbsd.org/?query=glob&sektion=3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.

A source code patch exists which remedies this problem.</a>

025: SECURITY FIX: Apr 10, 2001

All architectures

<a href="http://man.openbsd.org/?query=glob&sektion=3">glob(3)</a> contains multiple buffer overflows.

A source code patch exists which remedies this problem.</a>

Line 186

This can lead to the leakage of sensitive information in applications

that use passwords and the like during user interaction (one such

application is mysql).

A source code patch exists which remedies this problem.</a>

023: SECURITY FIX: Mar 2, 2001

All architectures

Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.

A source code patch exists which remedies this problem.</a>

022: SECURITY FIX: Mar 2, 2001

The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.

A source code patch exists which remedies this problem.</a>

Line 208

There is an exploitable heap corruption bug in

<a href="http://man.openbsd.org/?query=sudo&sektion=8">sudo</a>.

A source code patch exists which remedies this problem.</a>

020: IMPLEMENTATION FIX: Feb 15, 2001

All architectures

Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="http://man.openbsd.org/?query=tcpd&sektion=8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.

A source code patch exists which remedies this problem.</a>

019: IMPLEMENTATION FIX: Jan 31, 2001

All architectures

Fix memory allocation in the PCI LANCE driver, <a href="http://man.openbsd.org/?query=le&sektion=4&arch=i386">le</a>. A side effect of this is that OpenBSD under VMWare now works again.

A source code patch exists which remedies this problem.</a>

Line 231

Merge <a href="http://man.openbsd.org/?query=named&sektion=8">named</a>

with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears

that these were already impossible to exploit beforehand).

A source code patch exists which remedies this problem.</a>

017: SECURITY FIX: Jan 22, 2001

All architectures

The <a href="http://man.openbsd.org/?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.

A source code patch exists which remedies this problem.</a>

016: RELIABILITY FIX: Jan 4, 2001

All architectures

Allow ThunderLAN cards to share interrupts nicely.

A source code patch exists which remedies this problem.</a>

015: STABILITY FIX: Dec 22, 2000

Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.

A source code patch exists which remedies this problem.</a>

014: SECURITY FIX: Dec 22, 2000

All architectures

Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.

A source code patch exists which remedies this problem.</a>

In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at /usr/X11R6/bin/xlock

and chmod 4755 /usr/X11R6/bin/xlock.

<ul>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>

<li><a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>

<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>

</ul>

013: SECURITY FIX: Dec 18, 2000

All architectures

<a href="http://man.openbsd.org/?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD.

A source code patch exists which remedies this problem.</a>

012: INSTALL PROBLEM: Dec 14, 2000

The IMac DV+ (and probably some other machines) incorrectly identify their video

hardware, but it is possible to work around the problem.

A source code patch exists which remedies this problem.</a>

Line 293

All architectures

The crypto subsystem could incorrectly fail to run certain software ciphers,

if a hardware card existed in the machine.

A source code patch exists which remedies this problem.</a>

010: RELIABILITY FIX: Dec 11, 2000

All architectures

A crash could occur during fast routing, if IPSEC was enabled.

A source code patch exists which remedies this problem.</a>

009: SECURITY FIX: Dec 10, 2000

All architectures

Another problem exists in the Kerberos libraries.

A source code patch exists which remedies this problem.</a>

Line 323

ones that have special meaning on the server. It is not clear at this

time what the impact is, but we recommend everyone to upgrade their

machines immediately.

A source code patch exists which remedies this problem.</a>

007: INSTALL PROBLEM: Dec 4, 2000

The X packages

<a href="http://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>

<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>

and

were not on the CD, and only available via FTP install. These packages can be

added post-install by using the following command:

<pre>

Line 360

005: SECURITY FIX: Dec 4, 2000

All architectures

OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.

A source code patch exists which remedies this problem.</a>

You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.

Line 370

First off, AES (Rijndael) encryption and decryption were broken for IPsec

and swap encryption.

Secondly, the AES code did not work properly on big endian machines.

A source code patch exists which remedies this problem.</a>

This is the second revision of the patch.

003: RELIABILITY FIX: Nov 17, 2000

Configuring a qec+qe causes a NMI panic.

A source code patch exists which remedies this problem.</a>

Line 385

All architectures

In ssh(1), skey support for SSH1 protocol was broken. Some people might consider

that kind of important.

A source code patch exists which remedies this problem.</a>

001: RELIABILITY FIX: Nov 10, 2000

When running a sparc with a serial console, certain types of interrupts would

cause great grief.

A source code patch exists which remedies this problem.</a>