File: [local] / www / errata28.html (download) (as text)
Revision 1.107, Sun Mar 10 18:46:50 2024 UTC (2 months ago) by tj
Branch: MAIN
CVS Tags: HEAD
Changes since 1.106: +2 -1 lines
add 7.5 errata page
|
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 2.8 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata28.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
2.8 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="zsconsole">
<strong>001: RELIABILITY FIX: Nov 10, 2000</strong><br>
When running a sparc with a serial console, certain types of interrupts would
cause great grief.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="skey">
<strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong>
<i>All architectures</i><br>
In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
that kind of important.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="qe">
<strong>003: RELIABILITY FIX: Nov 17, 2000</strong><br>
Configuring a qec+qe causes a NMI panic.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="rijndael">
<strong>004: RELIABILITY FIX: Nov 17, 2000</strong>
<i>All architectures</i><br>
First off, AES (Rijndael) encryption and decryption were broken for IPsec
and swap encryption.<br>
Secondly, the AES code did not work properly on big endian machines.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
A source code patch exists which remedies this problem.</a>
This is the second revision of the patch.
<p>
<li id="ftpd">
<strong>005: SECURITY FIX: Dec 4, 2000</strong>
<i>All architectures</i><br>
OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
A source code patch exists which remedies this problem.</a>
You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
<p>
<li id="pcibios">
<strong>006: STABILITY FIX: Dec 4, 2000</strong><br>
On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
kernel hang while probing PCI devices. If you have this symptom, you can disable
PCIBIOS as a workaround. To do this,
<ul>
<li>Enter the User Kernel Configuration by booting with the
option "boot -c".
<li>Once at the <i>UKC></i> prompt, enter
<blockquote><pre>
UKC> disable pcibios
UKC> quit<!--
--></pre></blockquote>
<li>See <a href="./faq/faq5.html#5.6">this page</a> after a successful
boot for instructions on how to re-write your kernel to disable PCIBIOS
permanently.
</ul>
<p>
<li id="x_sun3">
<strong>007: INSTALL PROBLEM: Dec 4, 2000</strong><br>
The X packages
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
and
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
were not on the CD, and only available via FTP install. These packages can be
added post-install by using the following command:
<pre>
# cd /; tar xvfpz xshare28.tgz
# cd /; tar xvfpz xfont28.tgz
</pre>
<p>
<li id="kerberos">
<strong>008: SECURITY FIX: Dec 7, 2000</strong>
<i>All architectures</i><br>
Two problems have recently been discovered in the KerberosIV code.<p>
1. A symlink problem was discovered in the KerberosIV password checking
routines /usr/bin/su and /usr/bin/login, which makes it possible for a
local user to overwrite any file on the local machine.<p>
2. It is possible to specify environment variables in telnet
which will be passed over the to the remote host. This makes it
possible to set environment variables on the remote side, including
ones that have special meaning on the server. It is not clear at this
time what the impact is, but we recommend everyone to upgrade their
machines immediately.<p>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="kerberos2">
<strong>009: SECURITY FIX: Dec 10, 2000</strong>
<i>All architectures</i><br>
Another problem exists in the Kerberos libraries.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="fastroute">
<strong>010: RELIABILITY FIX: Dec 11, 2000</strong>
<i>All architectures</i><br>
A crash could occur during fast routing, if IPSEC was enabled.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="hwcrypto">
<strong>011: RELIABILITY FIX: Dec 13, 2000</strong>
<i>All architectures</i><br>
The crypto subsystem could incorrectly fail to run certain software ciphers,
if a hardware card existed in the machine.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="imacdv">
<strong>012: INSTALL PROBLEM: Dec 14, 2000</strong><br>
The IMac DV+ (and probably some other machines) incorrectly identify their video
hardware, but it is possible to work around the problem.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/012_imacdv.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="procfs">
<strong>013: SECURITY FIX: Dec 18, 2000</strong>
<i>All architectures</i><br>
<a href="https://man.openbsd.org/OpenBSD-2.8/mount_procfs.8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="xlock">
<strong>014: SECURITY FIX: Dec 22, 2000</strong>
<i>All architectures</i><br>
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">
A source code patch exists which remedies this problem.</a>
<p>
In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
<p>
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
</ul>
<p>
<li id="pms">
<strong>015: STABILITY FIX: Dec 22, 2000</strong><br>
Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="tl">
<strong>016: RELIABILITY FIX: Jan 4, 2001</strong>
<i>All architectures</i><br>
Allow ThunderLAN cards to share interrupts nicely.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="rnd">
<strong>017: SECURITY FIX: Jan 22, 2001</strong>
<i>All architectures</i><br>
The <a href="https://man.openbsd.org/OpenBSD-2.8/random.4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="named">
<strong>018: SECURITY FIX: Jan 29, 2001</strong>
<i>All architectures</i><br>
Merge <a href="https://man.openbsd.org/OpenBSD-2.8/named.8">named</a>
with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
that these were already impossible to exploit beforehand).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="lepci">
<strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong>
<i>All architectures</i><br>
Fix memory allocation in the PCI LANCE driver, <a href="https://man.openbsd.org/OpenBSD-2.8/le.4">le</a>. A side effect of this is that OpenBSD under VMWare now works again.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="libwrap">
<strong>020: IMPLEMENTATION FIX: Feb 15, 2001</strong>
<i>All architectures</i><br>
Client side ident protocol was broken in libwrap, affecting anything using libwrap including <a href="https://man.openbsd.org/OpenBSD-2.8/tcpd.8">tcpd</a>. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/020_libwrap.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sudo">
<strong>021: SECURITY FIX: Feb 22, 2001</strong>
<i>All architectures</i><br>
There is an exploitable heap corruption bug in
<a href="https://man.openbsd.org/OpenBSD-2.8/sudo.8">sudo</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/021_sudo.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="userldt">
<strong>022: SECURITY FIX: Mar 2, 2001</strong><br>
The <b>USER_LDT</b> kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/022_userltd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipsec_ah">
<strong>023: SECURITY FIX: Mar 2, 2001</strong>
<i>All architectures</i><br>
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/023_ip_ah.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="readline">
<strong>024: SECURITY FIX: Mar 18, 2001</strong>
<i>All architectures</i><br>
The readline library shipped with OpenBSD allows history files creation
with a permissive
<a href="https://man.openbsd.org/OpenBSD-2.8/umask.2">umask(2)</a>.
This can lead to the leakage of sensitive information in applications
that use passwords and the like during user interaction (one such
application is mysql).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="glob">
<strong>025: SECURITY FIX: Apr 10, 2001</strong>
<i>All architectures</i><br>
<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a> contains multiple buffer overflows. <br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="glob_limit">
<strong>026: SECURITY FIX: Apr 23, 2001</strong>
<i>All architectures</i><br>
<a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">ftpd(8)</a> has a potential DoS related to <a href="https://man.openbsd.org/OpenBSD-2.8/glob.3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipf_frag">
<strong>027: SECURITY FIX: Apr 23, 2001</strong>
<i>All architectures</i><br>
IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sendmail">
<strong>028: SECURITY FIX: May 29, 2001</strong>
<i>All architectures</i><br>
The signal handlers in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a> contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/028_sendmail.patch">
A source code patch exists which remedies this problem.</a>
It updates sendmail to version 8.11.4.
<p>
<li id="fts">
<strong>029: SECURITY FIX: May 30, 2001</strong>
<i>All architectures</i><br>
Programs using the <a href="https://man.openbsd.org/OpenBSD-2.8/fts.3">fts(3)</a>
routines (such as rm, find, and most programs that take a <b>-R</b>
flag) can be tricked into changing into the wrong directory if the
parent dir is changed out from underneath it. This is similar to
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/029_fts.patch">
A source code patch exists which remedies this problem.</a>
This is the second version of the patch.
<p>
<li id="kernexec">
<strong>030: SECURITY FIX: June 15, 2001</strong>
<i>All architectures</i><br>
A race condition exists in the kernel <a href="https://man.openbsd.org/OpenBSD-2.8/execve.2">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="https://man.openbsd.org/OpenBSD-2.8/ptrace.2">ptrace(2)</a> attach to a suid/sgid process.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sendmail2">
<strong>031: SECURITY FIX: August 21, 2001</strong>
<i>All architectures</i><br>
A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/sendmail.8">sendmail(8)</a>
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/031_sendmail.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="lpd">
<strong>032: SECURITY FIX: August 29, 2001</strong>
<i>All architectures</i><br>
A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/lpd.8">lpd(8)</a>
that may allow an attacker with line printer access to gain root
privileges. A machine must be running lpd to be vulnerable (OpenBSD
does not start lpd by default). Only machines with line printer
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/032_lpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="uucp">
<strong>033: SECURITY FIX: September 11, 2001</strong>
<i>All architectures</i><br>
A security hole exists in <a href="https://man.openbsd.org/OpenBSD-2.8/uuxqt.8">uuxqt(8)</a>
that may allow an attacker to run arbitrary commands as user uucp and
use this to gain root access.
The UUCP execution daemon, uuxqt(8), has a bug in its command line
parsing routine may allow arbitrary commands to be run. Because
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/033_uucp.patch">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata28.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www