Annotation of www/errata28.html, Revision 1.2
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD 2.8 errata</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.8 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
27: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
28: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
29: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
30: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
1.2 ! horacio 31: <a href=errata.html>For 2.9 errata, please refer here</a>.<br>
1.1 deraadt 32: <hr>
33:
34: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8.tar.gz>
35: You can also fetch a tar.gz file containing all the following patches</a>.
36: This file is updated once a day.
37:
38: <p> The patches below are available in CVS via the
39: <code>OPENBSD_2_8</code> <a href="stable.html">patch branch</a>.
40:
41: <p>
42: For more detailed information on install patches to OpenBSD, please
43: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
44: <hr>
45:
46: <dl>
47: <a name=all></a>
48: <li><h3><font color=#e00000>All architectures</font></h3>
49: <ul>
50: <a name=ipf_frag></a>
51: <li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br>
52: IPF has a serious problem with fragment cacheing, the bug is triggered if you use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipf&sektion=5">ipf(5)</a> syntax "keep state".<br>
53: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">A source code patch exists which remedies the problem.</a><br>
54: <p>
55: <a name=glob_limit></a>
56: <li><font color=#009000><strong>026: SECURITY FIX: Apr 23, 2001</strong></font><br>
57: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">ftpd(8)</a> has a potential DoS related to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.<br>
58: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">A source code patch exists which remedies the problem.</a><br>
59: <p>
60: <a name=glob></a>
61: <li><font color=#009000><strong>025: SECURITY FIX: Apr 10, 2001</strong></font><br>
62: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a> contains multiple buffer overflows. <br>
63: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch">A source code patch exists which remedies the problem.</a><br>
64: <p>
65: <a name=readline></a>
66: <li><font color=#009000><strong>024: SECURITY FIX: Mar 18, 2001</strong></font><br>
67: The readline library shipped with OpenBSD allows history files creation
68: with a permissive
69: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>.
70: This can lead to the leakage of sensitive information in applications
71: that use passwords and the like during user interaction (one such
72: application is mysql).<br>
73: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">A source code patch exists which remedies the problem.</a><br>
74: <p>
75: <a name=ipsec_ah></a>
76: <li><font color=#009000><strong>023: SECURITY FIX: Mar 2, 2001</strong></font><br>
77: Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.<br>
78: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">A source code patch exists which remedies the problem.</a><br>
79: <p>
80: <a name=sudo></a>
81: <li><font color=#009000><strong>021: SECURITY FIX: Feb 22, 2001</strong></font><br>
82: There is a non-exploitable buffer overflow in
83: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>.
84: <br>
85: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">A source code patch exists which remedies the problem.</a><br>
86: <p>
87: <a name=libwrap></a>
88: <li><font color=#009000><strong>020: IMPLEMENTATION FIX: Feb 15, 2001</strong></font><br>
89: Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpd&sektion=8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.<br>
90: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">A source code patch exists which remedies the problem.</a><br>
91: <p>
92: <a name=lepci></a>
93: <li><font color=#009000><strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong></font><br>
94: Fix memory allocation in the PCI LANCE driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le</a>. A side effect of this is that OpenBSD under VMWare now works again.<br>
95: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">A source code patch exists which remedies the problem.</a><br>
96: <p>
97: <a name=named></a>
98: <li><font color=#009000><strong>018: SECURITY FIX: Jan 29, 2001</strong></font><br>
99: Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named</a>
100: with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
101: that these were already impossible to exploit beforehands).<br>
102: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">A source code patch exists which remedies the problem.</a><br>
103: <p>
104: <a name=rnd></a>
105: <li><font color=#009000><strong>017: SECURITY FIX: Jan 22, 2001</strong></font><br>
106: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
107: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">A source code patch exists which remedies the problem.</a><br>
108: <p>
109: <a name=tl></a>
110: <li><font color=#009000><strong>016: RELIABILITY FIX: Jan 4, 2001</strong></font><br>
111: Allow ThunderLAN cards to share interrupts nicely.<br>
112: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">A source code patch exists which remedies the problem.</a>
113: <p>
114: <a name=xlock></a>
115: <li><font color=#009000><strong>014: SECURITY FIX: Dec 22, 2000</strong></font><br>
116: Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
117: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">A source code patch exists which remedies the problem.</a>
118: <p>
119: In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
120: and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
121: <p>
122: <ul>
123: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
124: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
125: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
126: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
127: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
128: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
129: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
130: </ul>
131: <p>
132: <a name=procfs></a>
133: <li><font color=#009000><strong>013: SECURITY FIX: Dec 18, 2000</strong></font><br>
134: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
135: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">A source code patch exists which remedies the problem.</a>
136: <p>
137: <a name=hwcrypto></a>
138: <li><font color=#009000><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font><br>
139: The crypto subsystem could incorrectly fail to run certain software ciphers,
140: if a hardware card existed in the machine.<br>
141: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
142: A source code patch exists which remedies the problem.</a>
143: <p>
144: <a name=fastroute></a>
145: <li><font color=#009000><strong>010: RELIABILITY FIX: Dec 11, 2000</strong></font><br>
146: A crash could occur during fast routing, if IPSEC was enabled.<br>
147: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
148: A source code patch exists which remedies the problem.</a>
149: <p>
150: <a name=kerberos2></a>
151: <li><font color=#009000><strong>009: SECURITY FIX: Dec 10, 2000</strong></font><br>
152: Another problem exists in the Kerberos libraries.<br>
153: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
154: A source code patch exists which remedies the problem.</a>
155: <p>
156: <a name=kerberos></a>
157: <li><font color=#009000><strong>008: SECURITY FIX: Dec 7, 2000</strong></font><br>
158: Two problems have recently been discovered in the KerberosIV code.<p>
159: 1. A symlink problem was discovered in the KerberosIV password checking
160: routines /usr/bin/su and /usr/bin/login, which makes it possible for a
161: local user to overwrite any file on the local machine.<p>
162: 2. It is possible to specify environment variables in telnet
163: which will be passed over the to the remote host. This makes it
164: possible to set environment variables on the remote side, including
165: ones that have special meaning on the server. It is not clear at this
166: time what the impact is, but we recommend everyone to upgrade their
167: machines immediately.<p>
168: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
169: A source code patch exists which remedies the problem.</a>
170: <p>
171: <a name=ftpd></a>
172: <li><font color=#009000><strong>005: SECURITY FIX: Dec 4, 2000</strong></font><br>
173: OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
174: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
175: A source code patch exists which remedies the problem.</a><br>
176: You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
177: <p>
178: <a name=rijndael> </a>
179: <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
180: First off, AES (rijndael) encryption and decryption were broken for IPSec
181: and swap encryption.<br>
182: Secondly, the AES code did not work properly on big endian machines.<br>
183: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
184: A second revision source code patch exists which remedies the problem.</a>
185: <p>
186: <li><font color=#009000><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font><br>
187: In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
188: that kind of important.<br>
189: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch>
190: A source code patch exists which remedies this problem.</a>
191: </ul>
192: <p>
193: <a name=i386></a>
194: <li><h3><font color=#e00000>i386</font></h3>
195: <ul>
196: <a name=userldt></a>
197: <li><font color=#009000><strong>022: SECURITY FIX: Mar 2, 2001</strong></font><br>
198: The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
199: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">A source code patch exists which remedies the problem.</a><br>
200: <p>
201: <a name=pms></a>
202: <li><font color=#009000><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
203: Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
204: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">A source code patch exists which remedies this problem.</a>
205: <p>
206: <a name=pcibios></a>
207: <li><font color=#009000><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
208: On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
209: kernel hang while probing PCI devices. If you have this symptom, you can disable
210: PCIBIOS as a workaround. To do this,
211: <ul>
212: <li>Enter the User Kernel Configuration by booting with the
213: option "boot -c".
214: <li>Once at the <i>UKC></i> prompt, enter <pre><tt>
215: UKC> disable pcibios
216: UKC> quit
217: </tt></pre>
218: <li>See <a href="./faq/faq5.html#5.6">FAQ 5.6</a> after a successful
219: boot for instructions on how to re-write your kernel to disable PCIBIOS
220: permanently.
221: </ul>
222: <p>
223: </ul>
224: <p>
225: <a name=mac68k></a>
226: <li><h3><font color=#e00000>mac68k</font></h3>
227: <ul>
228: <a name=x_mac68k></a>
229: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
230: The X packages
231: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
232: and
233: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
234: were not on the CD, and only available via FTP install. These packages can be
235: added post-install by using the following command:
236: <tt><pre>
237: # cd /; tar xvfpz xshare28.tgz
238: # cd /; tar xvfpz xfont28.tgz
239: </pre></tt>
240: </ul>
241: <p>
242: <a name=sparc></a>
243: <li><h3><font color=#e00000>sparc</font></h3>
244: <ul>
245: <a name=x_sparc></a>
246: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
247: The X packages
248: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
249: and
250: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
251: were not on the CD, and only available via FTP install. These packages can be
252: added post-install by using the following command:
253: <tt><pre>
254: # cd /; tar xvfpz xshare28.tgz
255: # cd /; tar xvfpz xfont28.tgz
256: </pre></tt>
257: <p>
258: <a name=qe></a>
259: <li><font color=#009000><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
260: Configuring a qec+qe causes a NMI panic.<br>
261: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch>
262: A source code patch exists which remedies this problem.</a>
263: <p>
264: <a name=zsconsole> </a>
265: <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
266: When running a sparc with a serial console, certain types of interrupts would
267: cause great grief.<br>
268: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch>
269: A source code patch exists which remedies this problem.</a>
270: </ul>
271: <p>
272: <a name=amiga></a>
273: <li><h3><font color=#e00000>amiga</font></h3>
274: <ul>
275: <a name=x_amiga></a>
276: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
277: The X packages
278: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
279: and
280: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
281: were not on the CD, and only available via FTP install. These packages can be
282: added post-install by using the following command:
283: <tt><pre>
284: # cd /; tar xvfpz xshare28.tgz
285: # cd /; tar xvfpz xfont28.tgz
286: </pre></tt>
287: </ul>
288: <p>
289: <a name=pmax></a>
290: <li><h3><font color=#e00000>pmax</font></h3>
291: <ul>
292: <li>No problems identified yet.
293: </ul>
294: <p>
295: <a name=hp300></a>
296: <li><h3><font color=#e00000>hp300</font></h3>
297: <ul>
298: <a name=x_hp300></a>
299: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
300: The X packages
301: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
302: and
303: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
304: were not on the CD, and only available via FTP install. These packages can be
305: added post-install by using the following command:
306: <tt><pre>
307: # cd /; tar xvfpz xshare28.tgz
308: # cd /; tar xvfpz xfont28.tgz
309: </pre></tt>
310: </ul>
311: <p>
312: <a name=mvme68k></a>
313: <li><h3><font color=#e00000>mvme68k</font></h3>
314: <ul>
315: <a name=x_mvme68k></a>
316: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
317: The X packages
318: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
319: and
320: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
321: were not on the CD, and only available via FTP install. These packages can be
322: added post-install by using the following command:
323: <tt><pre>
324: # cd /; tar xvfpz xshare28.tgz
325: # cd /; tar xvfpz xfont28.tgz
326: </pre></tt>
327: </ul>
328: <p>
329: <a name=powerpc></a>
330: <li><h3><font color=#e00000>powerpc</font></h3>
331: <ul>
332: <a name=imacdv></a>
333: <li><font color=#009000><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
334: The IMac DV+ (and probably some other machines) incorrectly identify their video
335: hardware, but it is possible to work around the problem.<br>
336: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
337: A source code patch exists which remedies the problem.</a>
338: </ul>
339: <p>
340: <a name=vax></a>
341: <li><h3><font color=#e00000>vax</font></h3>
342: <ul>
343: <li>No problems identified yet.
344: </ul>
345: <p>
346: <a name=sun3></a>
347: <li><h3><font color=#e00000>sun3</font></h3>
348: <ul>
349: <a name=x_sun3></a>
350: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
351: The X packages
352: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
353: and
354: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
355: were not on the CD, and only available via FTP install. These packages can be
356: added post-install by using the following command:
357: <tt><pre>
358: # cd /; tar xvfpz xshare28.tgz
359: # cd /; tar xvfpz xfont28.tgz
360: </pre></tt>
361: </ul>
362:
363: </dl>
364: <br>
365:
366: <hr>
367: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
368: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
369: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
370: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
371: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
372: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
373: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
374: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
375: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
1.2 ! horacio 376: <a href=errata.html>For 2.9 errata, please refer here</a>.<br>
1.1 deraadt 377: <hr>
378:
379: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
380: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.2 ! horacio 381: <br><small>$OpenBSD: errata28.html,v 1.1 2001/04/24 06:59:16 deraadt Exp $</small>
1.1 deraadt 382:
383: </body>
384: </html>