| version 1.30, 2003/02/16 11:35:43 |
version 1.31, 2003/03/06 21:44:07 |
|
|
| <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
| <html> |
<html> |
| <head> |
<head> |
| <title>OpenBSD 2.9 errata</title> |
<title>OpenBSD 2.9 errata</title> |
| <link rev=made href=mailto:www@openbsd.org> |
<link rev=made href="mailto:www@openbsd.org"> |
| <meta name="resource-type" content="document"> |
<meta name="resource-type" content="document"> |
| <meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
| <meta name="keywords" content="openbsd,cd,errata"> |
<meta name="keywords" content="openbsd,cd,errata"> |
|
|
| <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
| |
|
| <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
| <h2><font color=#0000e0> |
<h2><font color="#0000e0"> |
| This is the OpenBSD 2.9 release errata & patch list: |
This is the OpenBSD 2.9 release errata & patch list: |
| |
|
| </font></h2> |
</font></h2> |
|
|
| <br> |
<br> |
| <hr> |
<hr> |
| |
|
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz"> |
| You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
| This file is updated once a day. |
This file is updated once a day. |
| |
|
|
|
| |
|
| <dl> |
<dl> |
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color="#e00000">All architectures</font></h3> |
| <ul> |
<ul> |
| <a name=resolver></a> |
<a name=resolver></a> |
| <li><font color=#009000><strong>027: SECURITY FIX: June 25, 2002</strong></font><br> |
<li><font color="#009000"><strong>027: SECURITY FIX: June 25, 2002</strong></font><br> |
| A potential buffer overflow in the DNS resolver has been found.<br> |
A potential buffer overflow in the DNS resolver has been found.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=fdalloc2></a> |
<a name=fdalloc2></a> |
| <li><font color=#009000><strong>026: SECURITY FIX: May 8, 2002</strong></font><br> |
<li><font color="#009000"><strong>026: SECURITY FIX: May 8, 2002</strong></font><br> |
| A race condition exists where an attacker could fill the file descriptor |
A race condition exists where an attacker could fill the file descriptor |
| table and defeat the kernel's protection of fd slots 0, 1, and 2 for a |
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a |
| setuid or setgid process.<br> |
setuid or setgid process.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=sudo2></a> |
<a name=sudo2></a> |
| <li><font color=#009000><strong>025: SECURITY FIX: April 25, 2002</strong></font><br> |
<li><font color="#009000"><strong>025: SECURITY FIX: April 25, 2002</strong></font><br> |
| A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=sshafs></a> |
<a name=sshafs></a> |
| <li><font color=#009000><strong>024: SECURITY FIX: April 22, 2002</strong></font><br> |
<li><font color="#009000"><strong>024: SECURITY FIX: April 22, 2002</strong></font><br> |
| A local user can gain super-user privileges due to a buffer overflow |
A local user can gain super-user privileges due to a buffer overflow |
| in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> |
in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> |
| if AFS has been configured on the system or if |
if AFS has been configured on the system or if |
| KerberosTgtPassing or AFSTokenPassing has been enabled |
KerberosTgtPassing or AFSTokenPassing has been enabled |
| in the sshd_config file. Ticket and token passing is not enabled |
in the sshd_config file. Ticket and token passing is not enabled |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=mail></a> |
<a name=mail></a> |
| <li><font color=#009000><strong>023: SECURITY FIX: April 11, 2002</strong></font><br> |
<li><font color="#009000"><strong>023: SECURITY FIX: April 11, 2002</strong></font><br> |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> |
| will process tilde escapes even in non-interactive mode. |
will process tilde escapes even in non-interactive mode. |
| This can lead to a local root compromise. |
This can lead to a local root compromise. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=zlib></a> |
<a name=zlib></a> |
| <li><font color=#009000><strong>022: RELIABILITY FIX: March 13, 2002</strong></font><br> |
<li><font color="#009000"><strong>022: RELIABILITY FIX: March 13, 2002</strong></font><br> |
| Under some circumstances the zlib compression library can free dynamically |
Under some circumstances the zlib compression library can free dynamically |
| allocated memory twice. This is not a security issue on OpenBSD since the BSD |
allocated memory twice. This is not a security issue on OpenBSD since the BSD |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=3">free(3)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=3">free(3)</a> |
| function detects this. |
function detects this. |
| There is also a kernel zlib component that may be used by pppd and IPsec. |
There is also a kernel zlib component that may be used by pppd and IPsec. |
| The feasibility of attacking the kernel this way is currently unknown.<br> |
The feasibility of attacking the kernel this way is currently unknown.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=openssh></a> |
<a name=openssh></a> |
| <li><font color=#009000><strong>021: SECURITY FIX: March 8, 2002</strong></font> |
<li><font color="#009000"><strong>021: SECURITY FIX: March 8, 2002</strong></font> |
| <br> |
<br> |
| A local user can gain super-user privileges due to an off-by-one check |
A local user can gain super-user privileges due to an off-by-one check |
| in the channel forwarding code of OpenSSH.<br> |
in the channel forwarding code of OpenSSH.<br> |
|
|
| >A source code patch exists which remedies the problem</a>. |
>A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=ptrace></a> |
<a name=ptrace></a> |
| <li><font color=#009000><strong>020: SECURITY FIX: February 20, 2002</strong></font><br> |
<li><font color="#009000"><strong>020: SECURITY FIX: February 20, 2002</strong></font><br> |
| A race condition between the ptrace(2) and execve(2) system calls allows |
A race condition between the ptrace(2) and execve(2) system calls allows |
| an attacker to modify the memory contents of suid/sgid processes which |
an attacker to modify the memory contents of suid/sgid processes which |
| could lead to compromise of the super-user account.<br> |
could lead to compromise of the super-user account.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=sudo> |
<a name=sudo> |
| <li><font color=#009000><strong>019: SECURITY FIX: January 17, 2002</strong></font><br> |
<li><font color="#009000"><strong>019: SECURITY FIX: January 17, 2002</strong></font><br> |
| If the Postfix sendmail replacement is installed on a system an |
If the Postfix sendmail replacement is installed on a system an |
| attacker may be able to gain root privileges on the local host via |
attacker may be able to gain root privileges on the local host via |
| sudo(8) which runs the mailer as root with an environment inherited |
sudo(8) which runs the mailer as root with an environment inherited |
|
|
| source code patch exists which remedies the problem</a>. |
source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=lpd2> |
<a name=lpd2> |
| <li><font color=#009000><strong>017: SECURITY FIX: November 28, 2001</strong></font><br> |
<li><font color="#009000"><strong>017: SECURITY FIX: November 28, 2001</strong></font><br> |
| A security issue exists in the lpd daemon that may allow an attacker |
A security issue exists in the lpd daemon that may allow an attacker |
| to create arbitrary new files in the root directory. Only machines |
to create arbitrary new files in the root directory. Only machines |
| with line printer access (ie: listed in either /etc/hosts.lpd or |
with line printer access (ie: listed in either /etc/hosts.lpd or |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=vi.recover> |
<a name=vi.recover> |
| <li><font color=#009000><strong>016: SECURITY FIX: November 13, 2001</strong></font><br> |
<li><font color="#009000"><strong>016: SECURITY FIX: November 13, 2001</strong></font><br> |
| A security issue exists in the vi.recover script that may allow an attacker |
A security issue exists in the vi.recover script that may allow an attacker |
| to remove arbitrary zero-length files, regardless of ownership. |
to remove arbitrary zero-length files, regardless of ownership. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=uucp> |
<a name=uucp> |
| <li><font color=#009000><strong>015: SECURITY FIX: September 11, 2001</strong></font><br> |
<li><font color="#009000"><strong>015: SECURITY FIX: September 11, 2001</strong></font><br> |
| A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a> |
| that may allow an attacker to run arbitrary commands as user uucp and |
that may allow an attacker to run arbitrary commands as user uucp and |
| use this to gain root access. |
use this to gain root access. |
| The UUCP execution daemon, uuxqt(8), has a bug in its command line |
The UUCP execution daemon, uuxqt(8), has a bug in its command line |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=lpd> |
<a name=lpd> |
| <li><font color=#009000><strong>014: SECURITY FIX: August 29, 2001</strong></font><br> |
<li><font color="#009000"><strong>014: SECURITY FIX: August 29, 2001</strong></font><br> |
| A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> |
| that may allow an attacker with line printer access to gain root |
that may allow an attacker with line printer access to gain root |
| privileges. A machine must be running lpd to be vulnerable (OpenBSD |
privileges. A machine must be running lpd to be vulnerable (OpenBSD |
| does not start lpd by default). Only machines with line printer |
does not start lpd by default). Only machines with line printer |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=sendmail2> |
<a name=sendmail2> |
| <li><font color=#009000><strong>013: SECURITY FIX: August 21, 2001</strong></font><br> |
<li><font color="#009000"><strong>013: SECURITY FIX: August 21, 2001</strong></font><br> |
| A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
| that may allow an attacker on the local host to gain root privileges by |
that may allow an attacker on the local host to gain root privileges by |
| specifying out-of-bounds debug parameters. |
specifying out-of-bounds debug parameters. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=nfs> |
<a name=nfs> |
| <li><font color=#009000><strong>012: SECURITY FIX: July 30, 2001</strong></font><br> |
<li><font color="#009000"><strong>012: SECURITY FIX: July 30, 2001</strong></font><br> |
| A kernel buffer overflow exists in the NFS mount code. An attacker may |
A kernel buffer overflow exists in the NFS mount code. An attacker may |
| use this overflow to execute arbitrary code in kernel mode. However, |
use this overflow to execute arbitrary code in kernel mode. However, |
| only users with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=2">mount(2)</a> |
only users with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=2">mount(2)</a> |
| privileges can initiate this attack. In default installs, only super-user has |
privileges can initiate this attack. In default installs, only super-user has |
| mount privileges. The kern.usermount <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges. |
mount privileges. The kern.usermount <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=pkg></a> |
<a name=pkg></a> |
| <li><font color=#009000><strong>011: RELIABILITY FIX: July 15, 2001</strong></font> |
<li><font color="#009000"><strong>011: RELIABILITY FIX: July 15, 2001</strong></font> |
| <br> |
<br> |
| The |
The |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages&sektion=7&format=html">packages(7)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages&sektion=7&format=html">packages(7)</a> |
| subsystem incorrectly accepts some package dependencies as okay (see |
subsystem incorrectly accepts some package dependencies as okay (see |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages-specs&sektion=7&format=html">packages-specs(7)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages-specs&sektion=7&format=html">packages-specs(7)</a> |
| for details). |
for details). |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch">A source code patch exists which remedies the problem</a>, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch">A source code patch exists which remedies the problem</a>, |
|
|
| version numbers. |
version numbers. |
| <p> |
<p> |
| <a name=twe></a> |
<a name=twe></a> |
| <li><font color=#009000><strong>008: RELIABILITY FIX: June 15, 2001</strong></font> |
<li><font color="#009000"><strong>008: RELIABILITY FIX: June 15, 2001</strong></font> |
| <br> |
<br> |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a> |
| mishandles the DMA mapping resulting in a kernel panic on unaligned data |
mishandles the DMA mapping resulting in a kernel panic on unaligned data |
| transfers, induced by programs such as |
transfers, induced by programs such as |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8&format=html">disklabel(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8&format=html">disklabel(8)</a> |
| and |
and |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&sektion=8&format=html">dump(8)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&sektion=8&format=html">dump(8)</a>. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch">A source code patch exists which remedies the problem</a>. |
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
| <a name=kernexec></a> |
<a name=kernexec></a> |
| <li><font color=#009000><strong>007: SECURITY FIX: June 15, 2001</strong></font><br> |
<li><font color="#009000"><strong>007: SECURITY FIX: June 15, 2001</strong></font><br> |
| A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=sshcookie></a> |
<a name=sshcookie></a> |
| <li><font color=#009000><strong>006: SECURITY FIX: June 12, 2001</strong></font><br> |
<li><font color="#009000"><strong>006: SECURITY FIX: June 12, 2001</strong></font><br> |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a> |
| allows users to delete arbitrary files named "cookies" if X11 |
allows users to delete arbitrary files named "cookies" if X11 |
| forwarding is enabled. X11 forwarding is disabled by default. |
forwarding is enabled. X11 forwarding is disabled by default. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=pwd_mkdb></a> |
<a name=pwd_mkdb></a> |
| <li><font color=#009000><strong>005: RELIABILITY FIX: June 7, 2001</strong></font><br> |
<li><font color="#009000"><strong>005: RELIABILITY FIX: June 7, 2001</strong></font><br> |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
| corrupts /etc/pwd.db when modifying an existing user. |
corrupts /etc/pwd.db when modifying an existing user. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=isakmpd></a> |
<a name=isakmpd></a> |
| <li><font color=#009000><strong>004: RELIABILITY FIX: June 5, 2001</strong></font><br> |
<li><font color="#009000"><strong>004: RELIABILITY FIX: June 5, 2001</strong></font><br> |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a> |
| will fail to use a certificate with an identity string that is |
will fail to use a certificate with an identity string that is |
| exactly N * 8 bytes long. |
exactly N * 8 bytes long. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch">A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <li><font color=#009000><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font><br> |
<li><font color="#009000"><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font><br> |
| The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. |
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. |
| In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the |
In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the |
| 3.3.6 Xservers have also been included, because 4.0.3 still has weak support for |
3.3.6 Xservers have also been included, because 4.0.3 still has weak support for |
| some devices which 3.3.6 supported better. |
some devices which 3.3.6 supported better. |
| <p> |
<p> |
| <a name=fts></a> |
<a name=fts></a> |
| <li><font color=#009000><strong>002: SECURITY FIX: May 30, 2001</strong></font><br> |
<li><font color="#009000"><strong>002: SECURITY FIX: May 30, 2001</strong></font><br> |
| Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a> |
Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a> |
| routines (such as rm, find, and most programs that take a <b>-R</b> |
routines (such as rm, find, and most programs that take a <b>-R</b> |
| flag) can be tricked into changing into the wrong directory if the |
flag) can be tricked into changing into the wrong directory if the |
| parent dir is changed out from underneath it. This is similar to |
parent dir is changed out from underneath it. This is similar to |
|
|
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
| <a name=sendmail></a> |
<a name=sendmail></a> |
| <li><font color=#009000><strong>001: SECURITY FIX: May 29, 2001</strong></font><br> |
<li><font color="#009000"><strong>001: SECURITY FIX: May 29, 2001</strong></font><br> |
| The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |
The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |
| context of a signal handler. This leads to potentially serious |
context of a signal handler. This leads to potentially serious |
| race conditions. At the moment this is a theoretical attack only |
race conditions. At the moment this is a theoretical attack only |
| and can only be exploited on the local host (if at all).<br> |
and can only be exploited on the local host (if at all).<br> |
|
|
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=i386></a> |
<a name=i386></a> |
| <li><h3><font color=#e00000>i386</font></h3> |
<li><h3><font color="#e00000">i386</font></h3> |
| <ul> |
<ul> |
| <a name=nvidia></a> |
<a name=nvidia></a> |
| <li><font color=#009000><strong>010: RELIABILITY FIX: Jul 9, |
<li><font color="#009000"><strong>010: RELIABILITY FIX: Jul 9, |
| 2001</strong></font></br> |
2001</strong></font></br> |
| The nVidia driver for XFree86 4.0.3 is incorrectly restoring the text |
The nVidia driver for XFree86 4.0.3 is incorrectly restoring the text |
| mode palette upon exit of the X server. <a |
mode palette upon exit of the X server. <a |
|
|
| restart your X server. |
restart your X server. |
| <p> |
<p> |
| <a name=XF86Setup></a> |
<a name=XF86Setup></a> |
| <li><font color=#009000><strong>009: RELIABILITY FIX: Jun 23, |
<li><font color="#009000"><strong>009: RELIABILITY FIX: Jun 23, |
| 2001</strong></font><br> |
2001</strong></font><br> |
| The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
| corrupted /etc/XF86Config files. |
corrupted /etc/XF86Config files. |
|
|
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=alpha></a> |
<a name=alpha></a> |
| <li><h3><font color=#e00000>alpha</font></h3> |
<li><h3><font color="#e00000">alpha</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=mac68k></a> |
<a name=mac68k></a> |
| <li><h3><font color=#e00000>mac68k</font></h3> |
<li><h3><font color="#e00000">mac68k</font></h3> |
| <ul> |
<ul> |
| <li><font color=#00900><strong>019: INSTALL PROBLEM: Dec 11, 2001</strong></font><br> |
<li><font color="#00900>"<strong>019: INSTALL PROBLEM: Dec 11, 2001</strong></font><br> |
| The X binary sets shipped with OpenBSD 2.9 do not contain several files. These |
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These |
| missing files can be added manually from the sparc tarballs after the |
missing files can be added manually from the sparc tarballs after the |
| installation:<br> |
installation:<br> |
|
|
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=sparc></a> |
<a name=sparc></a> |
| <li><h3><font color=#e00000>sparc</font></h3> |
<li><h3><font color="#e00000">sparc</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=amiga></a> |
<a name=amiga></a> |
| <li><h3><font color=#e00000>amiga</font></h3> |
<li><h3><font color="#e00000">amiga</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=pmax></a> |
<a name=pmax></a> |
| <li><h3><font color=#e00000>pmax</font></h3> |
<li><h3><font color="#e00000">pmax</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=hp300></a> |
<a name=hp300></a> |
| <li><h3><font color=#e00000>hp300</font></h3> |
<li><h3><font color="#e00000">hp300</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=mvme68k></a> |
<a name=mvme68k></a> |
| <li><h3><font color=#e00000>mvme68k</font></h3> |
<li><h3><font color="#e00000">mvme68k</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=powerpc></a> |
<a name=powerpc></a> |
| <li><h3><font color=#e00000>powerpc</font></h3> |
<li><h3><font color="#e00000">powerpc</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=vax></a> |
<a name=vax></a> |
| <li><h3><font color=#e00000>vax</font></h3> |
<li><h3><font color="#e00000">vax</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=sun3></a> |
<a name=sun3></a> |
| <li><h3><font color=#e00000>sun3</font></h3> |
<li><h3><font color="#e00000">sun3</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
|
|
| |
|
| <hr> |
<hr> |
| <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
| <a href=mailto:www@openbsd.org>www@openbsd.org</a> |
<a href="mailto:www@openbsd.org">www@openbsd.org</a> |
| <br><small>$OpenBSD$</small> |
<br><small>$OpenBSD$</small> |
| |
|
| </body> |
</body> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata29.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www