===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- www/errata28.html	2019/05/27 22:55:19	1.94
+++ www/errata28.html	2019/05/28 16:32:41	1.95
@@ -84,144 +84,186 @@
 <hr>
 
 <ul>
-<li id="uucp">
-<strong>033: SECURITY FIX: September 11, 2001</strong>
-&nbsp; <i>All architectures</i><br>
-A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/uuxqt.8">uuxqt(8)</a>
-that may allow an attacker to run arbitrary commands as user uucp and
-use this to gain root access.
-The UUCP execution daemon, uuxqt(8), has a bug in its command line
-parsing routine may allow arbitrary commands to be run.  Because
-some UUCP commands are run as root (and daemon) from cron it is possible
-to leverage compromise of the UUCP user to gain root.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/033_uucp.patch">
+
+<li id="zsconsole">
+<strong>001: RELIABILITY FIX: Nov 10, 2000</strong><br>
+When running a sparc with a serial console, certain types of interrupts would
+cause great grief.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="lpd">
-<strong>032: SECURITY FIX: August 29, 2001</strong>
+
+<li id="skey">
+<strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/lpd.8">lpd(8)</a>
-that may allow an attacker with line printer access to gain root
-privileges.  A machine must be running lpd to be vulnerable (OpenBSD
-does not start lpd by default).  Only machines with line printer
-access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
-may be used to mount an attack.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/032_lpd.patch">
+In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
+that kind of important.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sendmail2">
-<strong>031: SECURITY FIX: August 21, 2001</strong>
-&nbsp; <i>All architectures</i><br>
-A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a>
-that may allow an attacker on the local host to gain root privileges by
-specifying out-of-bounds debug parameters.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/031_sendmail.patch">
+
+<li id="qe">
+<strong>003: RELIABILITY FIX: Nov 17, 2000</strong><br>
+Configuring a qec+qe causes a NMI panic.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="kernexec">
-<strong>030: SECURITY FIX: June 15, 2001</strong>
+
+<li id="rijndael">
+<strong>004: RELIABILITY FIX: Nov 17, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-A race condition exists in the kernel <a href="https://man.openbsd.org/OpenBSD-2.8/execve.2">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="https://man.openbsd.org/OpenBSD-2.8/ptrace.2">ptrace(2)</a> attach to a suid/sgid process.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch">
+First off, AES (Rijndael) encryption and decryption were broken for IPsec
+and swap encryption.<br>
+Secondly, the AES code did not work properly on big endian machines.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
 A source code patch exists which remedies this problem.</a>
+This is the second revision of the patch.
 <p>
-<li id="fts">
-<strong>029: SECURITY FIX: May 30, 2001</strong>
+
+<li id="ftpd">
+<strong>005: SECURITY FIX: Dec 4, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-Programs using the <a href="https://man.openbsd.org/OpenBSD-2.8/fts.3">fts(3)</a>
-routines (such as rm, find, and most programs that take a <b>-R</b>
-flag) can be tricked into changing into the wrong directory if the
-parent dir is changed out from underneath it.  This is similar to
-the old fts bug but happens when popping out of directories, as
-opposed to descending into them.
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/029_fts.patch">
+OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
 A source code patch exists which remedies this problem.</a>
-This is the second version of the patch.
+You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
 <p>
-<li id="sendmail">
-<strong>028: SECURITY FIX: May 29, 2001</strong>
+
+<li id="pcibios">
+<strong>006: STABILITY FIX: Dec 4, 2000</strong><br>
+On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
+kernel hang while probing PCI devices.  If you have this symptom, you can disable
+PCIBIOS as a workaround.  To do this,
+    <ul>
+    <li>Enter the User Kernel Configuration by booting with the
+	option &quot;boot -c&quot;.
+    <li>Once at the <i>UKC></i> prompt, enter
+        <blockquote><pre>
+	UKC> disable pcibios
+	UKC> quit<!--
+	--></pre></blockquote>
+    <li>See <a href="./faq/faq5.html#5.6">this page</a> after a successful
+    boot for instructions on how to re-write your kernel to disable PCIBIOS
+    permanently.
+    </ul>
+<p>
+
+<li id="x_sun3">
+<strong>007: INSTALL PROBLEM: Dec 4, 2000</strong><br>
+The X packages
+<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
+and
+<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
+were not on the CD, and only available via FTP install.  These packages can be
+added post-install by using the following command:
+<pre>
+    # cd /; tar xvfpz xshare28.tgz
+    # cd /; tar xvfpz xfont28.tgz
+</pre>
+<p>
+
+<li id="kerberos">
+<strong>008: SECURITY FIX: Dec 7, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-The signal handlers in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a> contain code that is unsafe in the
-context of a signal handler.  This leads to potentially serious
-race conditions.  At the moment this is a theoretical attack only
-and can only be exploited on the local host (if at all).<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/028_sendmail.patch">
+Two problems have recently been discovered in the KerberosIV code.<p>
+1. A symlink problem was discovered in the KerberosIV password checking
+routines /usr/bin/su and /usr/bin/login, which makes it possible for a
+local user to overwrite any file on the local machine.<p>
+2. It is possible to specify environment variables in telnet
+which will be passed over the to the remote host. This makes it
+possible to set environment variables on the remote side, including
+ones that have special meaning on the server. It is not clear at this
+time what the impact is, but we recommend everyone to upgrade their
+machines immediately.<p>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
 A source code patch exists which remedies this problem.</a>
-It updates sendmail to version 8.11.4.
 <p>
-<li id="ipf_frag">
-<strong>027: SECURITY FIX: Apr 23, 2001</strong>
+
+<li id="kerberos2">
+<strong>009: SECURITY FIX: Dec 10, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax &quot;keep state&quot;.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">
+Another problem exists in the Kerberos libraries.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="glob_limit">
-<strong>026: SECURITY FIX: Apr 23, 2001</strong>
+
+<li id="fastroute">
+<strong>010: RELIABILITY FIX: Dec 11, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">ftpd(8)</a> has a potential DoS related to <a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">
+A crash could occur during fast routing, if IPSEC was enabled.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="glob">
-<strong>025: SECURITY FIX: Apr 10, 2001</strong>
+
+<li id="hwcrypto">
+<strong>011: RELIABILITY FIX: Dec 13, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a> contains multiple buffer overflows. <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch">
+The crypto subsystem could incorrectly fail to run certain software ciphers,
+if a hardware card existed in the machine.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="readline">
-<strong>024: SECURITY FIX: Mar 18, 2001</strong>
-&nbsp; <i>All architectures</i><br>
-The readline library shipped with OpenBSD allows history files creation
-with a permissive
-<a href="https://man.openbsd.org/OpenBSD-2.8/umask.2">umask(2)</a>.
-This can lead to the leakage of sensitive information in applications
-that use passwords and the like during user interaction (one such
-application is mysql).<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">
+
+<li id="imacdv">
+<strong>012: INSTALL PROBLEM: Dec 14, 2000</strong><br>
+The IMac DV+ (and probably some other machines) incorrectly identify their video
+hardware, but it is possible to work around the problem.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="ipsec_ah">
-<strong>023: SECURITY FIX: Mar 2, 2001</strong>
+
+<li id="procfs">
+<strong>013: SECURITY FIX: Dec 18, 2000</strong>
 &nbsp; <i>All architectures</i><br>
-Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">
+<a href="https://man.openbsd.org/OpenBSD-2.8/mount_procfs.8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="userldt">
-<strong>022: SECURITY FIX: Mar 2, 2001</strong><br>
-The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
+
+<li id="xlock">
+<strong>014: SECURITY FIX: Dec 22, 2000</strong>
+&nbsp; <i>All architectures</i><br>
+Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sudo">
-<strong>021: SECURITY FIX: Feb 22, 2001</strong>
-&nbsp; <i>All architectures</i><br>
-There is an exploitable heap corruption bug in
-<a href="https://man.openbsd.org/OpenBSD-2.8/sudo.8">sudo</a>.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">
+In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
+ and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
+<p>
+<ul>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
+<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
+</ul>
+<p>
+
+<li id="pms">
+<strong>015: STABILITY FIX: Dec 22, 2000</strong><br>
+Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="libwrap">
-<strong>020: IMPLEMENTATION FIX: Feb 15, 2001</strong>
+
+<li id="tl">
+<strong>016: RELIABILITY FIX: Jan 4, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="https://man.openbsd.org/OpenBSD-2.8/tcpd.8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">
+Allow ThunderLAN cards to share interrupts nicely.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="lepci">
-<strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong>
+
+<li id="rnd">
+<strong>017: SECURITY FIX: Jan 22, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Fix memory allocation in the PCI LANCE driver, <a href="https://man.openbsd.org/OpenBSD-2.8/le.4">le</a>.  A side effect of this is that OpenBSD under VMWare now works again.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">
+The <a href="https://man.openbsd.org/OpenBSD-2.8/random.4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
+
 <li id="named">
 <strong>018: SECURITY FIX: Jan 29, 2001</strong>
 &nbsp; <i>All architectures</i><br>
@@ -231,166 +273,157 @@
 <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="rnd">
-<strong>017: SECURITY FIX: Jan 22, 2001</strong>
+
+<li id="lepci">
+<strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-The <a href="https://man.openbsd.org/OpenBSD-2.8/random.4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">
+Fix memory allocation in the PCI LANCE driver, <a href="https://man.openbsd.org/OpenBSD-2.8/le.4">le</a>.  A side effect of this is that OpenBSD under VMWare now works again.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="tl">
-<strong>016: RELIABILITY FIX: Jan 4, 2001</strong>
+
+<li id="libwrap">
+<strong>020: IMPLEMENTATION FIX: Feb 15, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Allow ThunderLAN cards to share interrupts nicely.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">
+Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="https://man.openbsd.org/OpenBSD-2.8/tcpd.8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="pms">
-<strong>015: STABILITY FIX: Dec 22, 2000</strong><br>
-Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
+
+<li id="sudo">
+<strong>021: SECURITY FIX: Feb 22, 2001</strong>
+&nbsp; <i>All architectures</i><br>
+There is an exploitable heap corruption bug in
+<a href="https://man.openbsd.org/OpenBSD-2.8/sudo.8">sudo</a>.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="xlock">
-<strong>014: SECURITY FIX: Dec 22, 2000</strong>
-&nbsp; <i>All architectures</i><br>
-Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">
+
+<li id="userldt">
+<strong>022: SECURITY FIX: Mar 2, 2001</strong><br>
+The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
- and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
-<p>
-<ul>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
-<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
-</ul>
-<p>
-<li id="procfs">
-<strong>013: SECURITY FIX: Dec 18, 2000</strong>
+
+<li id="ipsec_ah">
+<strong>023: SECURITY FIX: Mar 2, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-2.8/mount_procfs.8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">
+Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="imacdv">
-<strong>012: INSTALL PROBLEM: Dec 14, 2000</strong><br>
-The IMac DV+ (and probably some other machines) incorrectly identify their video
-hardware, but it is possible to work around the problem.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
+
+<li id="readline">
+<strong>024: SECURITY FIX: Mar 18, 2001</strong>
+&nbsp; <i>All architectures</i><br>
+The readline library shipped with OpenBSD allows history files creation
+with a permissive
+<a href="https://man.openbsd.org/OpenBSD-2.8/umask.2">umask(2)</a>.
+This can lead to the leakage of sensitive information in applications
+that use passwords and the like during user interaction (one such
+application is mysql).<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="hwcrypto">
-<strong>011: RELIABILITY FIX: Dec 13, 2000</strong>
+
+<li id="glob">
+<strong>025: SECURITY FIX: Apr 10, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-The crypto subsystem could incorrectly fail to run certain software ciphers,
-if a hardware card existed in the machine.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
+<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a> contains multiple buffer overflows. <br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="fastroute">
-<strong>010: RELIABILITY FIX: Dec 11, 2000</strong>
+
+<li id="glob_limit">
+<strong>026: SECURITY FIX: Apr 23, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-A crash could occur during fast routing, if IPSEC was enabled.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
+<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">ftpd(8)</a> has a potential DoS related to <a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="kerberos2">
-<strong>009: SECURITY FIX: Dec 10, 2000</strong>
+
+<li id="ipf_frag">
+<strong>027: SECURITY FIX: Apr 23, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Another problem exists in the Kerberos libraries.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
+IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax &quot;keep state&quot;.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="kerberos">
-<strong>008: SECURITY FIX: Dec 7, 2000</strong>
+
+<li id="sendmail">
+<strong>028: SECURITY FIX: May 29, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Two problems have recently been discovered in the KerberosIV code.<p>
-1. A symlink problem was discovered in the KerberosIV password checking
-routines /usr/bin/su and /usr/bin/login, which makes it possible for a
-local user to overwrite any file on the local machine.<p>
-2. It is possible to specify environment variables in telnet
-which will be passed over the to the remote host. This makes it
-possible to set environment variables on the remote side, including
-ones that have special meaning on the server. It is not clear at this
-time what the impact is, but we recommend everyone to upgrade their
-machines immediately.<p>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
+The signal handlers in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a> contain code that is unsafe in the
+context of a signal handler.  This leads to potentially serious
+race conditions.  At the moment this is a theoretical attack only
+and can only be exploited on the local host (if at all).<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/028_sendmail.patch">
 A source code patch exists which remedies this problem.</a>
+It updates sendmail to version 8.11.4.
 <p>
-<li id="x_sun3">
-<strong>007: INSTALL PROBLEM: Dec 4, 2000</strong><br>
-The X packages
-<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
-and
-<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
-were not on the CD, and only available via FTP install.  These packages can be
-added post-install by using the following command:
-<pre>
-    # cd /; tar xvfpz xshare28.tgz
-    # cd /; tar xvfpz xfont28.tgz
-</pre>
-<p>
-<li id="pcibios">
-<strong>006: STABILITY FIX: Dec 4, 2000</strong><br>
-On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
-kernel hang while probing PCI devices.  If you have this symptom, you can disable
-PCIBIOS as a workaround.  To do this,
-    <ul>
-    <li>Enter the User Kernel Configuration by booting with the
-	option &quot;boot -c&quot;.
-    <li>Once at the <i>UKC></i> prompt, enter
-        <blockquote><pre>
-	UKC> disable pcibios
-	UKC> quit<!--
-	--></pre></blockquote>
-    <li>See <a href="./faq/faq5.html#5.6">this page</a> after a successful
-    boot for instructions on how to re-write your kernel to disable PCIBIOS
-    permanently.
-    </ul>
-<p>
-<li id="ftpd">
-<strong>005: SECURITY FIX: Dec 4, 2000</strong>
+
+<li id="fts">
+<strong>029: SECURITY FIX: May 30, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
+Programs using the <a href="https://man.openbsd.org/OpenBSD-2.8/fts.3">fts(3)</a>
+routines (such as rm, find, and most programs that take a <b>-R</b>
+flag) can be tricked into changing into the wrong directory if the
+parent dir is changed out from underneath it.  This is similar to
+the old fts bug but happens when popping out of directories, as
+opposed to descending into them.
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/029_fts.patch">
 A source code patch exists which remedies this problem.</a>
-You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
+This is the second version of the patch.
 <p>
-<li id="rijndael">
-<strong>004: RELIABILITY FIX: Nov 17, 2000</strong>
+
+<li id="kernexec">
+<strong>030: SECURITY FIX: June 15, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-First off, AES (Rijndael) encryption and decryption were broken for IPsec
-and swap encryption.<br>
-Secondly, the AES code did not work properly on big endian machines.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
+A race condition exists in the kernel <a href="https://man.openbsd.org/OpenBSD-2.8/execve.2">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="https://man.openbsd.org/OpenBSD-2.8/ptrace.2">ptrace(2)</a> attach to a suid/sgid process.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch">
 A source code patch exists which remedies this problem.</a>
-This is the second revision of the patch.
 <p>
-<li id="qe">
-<strong>003: RELIABILITY FIX: Nov 17, 2000</strong><br>
-Configuring a qec+qe causes a NMI panic.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
+
+<li id="sendmail2">
+<strong>031: SECURITY FIX: August 21, 2001</strong>
+&nbsp; <i>All architectures</i><br>
+A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a>
+that may allow an attacker on the local host to gain root privileges by
+specifying out-of-bounds debug parameters.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/031_sendmail.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="skey">
-<strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong>
+
+<li id="lpd">
+<strong>032: SECURITY FIX: August 29, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-In ssh(1), skey support for SSH1 protocol was broken.  Some people might consider
-that kind of important.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
+A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/lpd.8">lpd(8)</a>
+that may allow an attacker with line printer access to gain root
+privileges.  A machine must be running lpd to be vulnerable (OpenBSD
+does not start lpd by default).  Only machines with line printer
+access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
+may be used to mount an attack.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/032_lpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="zsconsole">
-<strong>001: RELIABILITY FIX: Nov 10, 2000</strong><br>
-When running a sparc with a serial console, certain types of interrupts would
-cause great grief.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
+
+<li id="uucp">
+<strong>033: SECURITY FIX: September 11, 2001</strong>
+&nbsp; <i>All architectures</i><br>
+A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/uuxqt.8">uuxqt(8)</a>
+that may allow an attacker to run arbitrary commands as user uucp and
+use this to gain root access.
+The UUCP execution daemon, uuxqt(8), has a bug in its command line
+parsing routine may allow arbitrary commands to be run.  Because
+some UUCP commands are run as root (and daemon) from cron it is possible
+to leverage compromise of the UUCP user to gain root.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/033_uucp.patch">
 A source code patch exists which remedies this problem.</a>
 <p>