| version 1.85, 2016/08/15 02:22:06 |
version 1.86, 2016/10/16 19:11:29 |
|
|
| <br> |
<br> |
| <hr> |
<hr> |
| |
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz"> |
| You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
| This file is updated once a day. |
This file is updated once a day. |
| <p> |
<p> |
|
|
| <font color="#009000"><strong>027: SECURITY FIX: June 25, 2002</strong></font> |
<font color="#009000"><strong>027: SECURITY FIX: June 25, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A potential buffer overflow in the DNS resolver has been found.<br> |
A potential buffer overflow in the DNS resolver has been found.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="fdalloc2"> |
<li id="fdalloc2"> |
|
|
| A race condition exists where an attacker could fill the file descriptor |
A race condition exists where an attacker could fill the file descriptor |
| table and defeat the kernel's protection of fd slots 0, 1, and 2 for a |
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a |
| setuid or setgid process.<br> |
setuid or setgid process.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sudo2"> |
<li id="sudo2"> |
| <font color="#009000"><strong>025: SECURITY FIX: April 25, 2002</strong></font> |
<font color="#009000"><strong>025: SECURITY FIX: April 25, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A bug in <a href="http://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
A bug in <a href="http://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sshafs"> |
<li id="sshafs"> |
|
|
| KerberosTgtPassing or AFSTokenPassing has been enabled |
KerberosTgtPassing or AFSTokenPassing has been enabled |
| in the sshd_config file. Ticket and token passing is not enabled |
in the sshd_config file. Ticket and token passing is not enabled |
| by default.<br> |
by default.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="mail"> |
<li id="mail"> |
|
|
| will process tilde escapes even in non-interactive mode. |
will process tilde escapes even in non-interactive mode. |
| This can lead to a local root compromise. |
This can lead to a local root compromise. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="zlib"> |
<li id="zlib"> |
|
|
| function detects this. |
function detects this. |
| There is also a kernel zlib component that may be used by pppd and IPsec. |
There is also a kernel zlib component that may be used by pppd and IPsec. |
| The feasibility of attacking the kernel this way is currently unknown.<br> |
The feasibility of attacking the kernel this way is currently unknown.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="openssh"> |
<li id="openssh"> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A local user can gain super-user privileges due to an off-by-one check |
A local user can gain super-user privileges due to an off-by-one check |
| in the channel forwarding code of OpenSSH.<br> |
in the channel forwarding code of OpenSSH.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/021_openssh.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/021_openssh.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="ptrace"> |
<li id="ptrace"> |
|
|
| A race condition between the ptrace(2) and execve(2) system calls allows |
A race condition between the ptrace(2) and execve(2) system calls allows |
| an attacker to modify the memory contents of suid/sgid processes which |
an attacker to modify the memory contents of suid/sgid processes which |
| could lead to compromise of the super-user account.<br> |
could lead to compromise of the super-user account.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sudo"> |
<li id="sudo"> |
|
|
| ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes |
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes |
| the mailer an environment that is not subject to influence from the |
the mailer an environment that is not subject to influence from the |
| invoking user.<br> |
invoking user.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/019_sudo.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/019_sudo.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="missing"> |
<li id="missing"> |
|
|
| missing files can be added manually from the sparc tarballs after the |
missing files can be added manually from the sparc tarballs after the |
| installation:<br> |
installation:<br> |
| Grab the |
Grab the |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/2.9/sparc/xbase29.tgz">xbase29.tgz</a> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.9/sparc/xbase29.tgz">xbase29.tgz</a> |
| and |
and |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/2.9/sparc/xshare29.tgz">xshare29.tgz</a> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.9/sparc/xshare29.tgz">xshare29.tgz</a> |
| files found in the 2.9/sparc directory on the CD, or any FTP site. The missing |
files found in the 2.9/sparc directory on the CD, or any FTP site. The missing |
| files can be installed by using the following commands: |
files can be installed by using the following commands: |
| <pre> |
<pre> |
|
|
| /etc/hosts.equiv) may be used to mount an attack and the attacker |
/etc/hosts.equiv) may be used to mount an attack and the attacker |
| must have root access on the machine. OpenBSD does not start lpd |
must have root access on the machine. OpenBSD does not start lpd |
| in the default installation. |
in the default installation. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="vi.recover"> |
<li id="vi.recover"> |
|
|
| A security issue exists in the vi.recover script that may allow an attacker |
A security issue exists in the vi.recover script that may allow an attacker |
| to remove arbitrary zero-length files, regardless of ownership. |
to remove arbitrary zero-length files, regardless of ownership. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="uucp"> |
<li id="uucp"> |
|
|
| some UUCP commands are run as root (and daemon) from cron it is possible |
some UUCP commands are run as root (and daemon) from cron it is possible |
| to leverage compromise of the UUCP user to gain root. |
to leverage compromise of the UUCP user to gain root. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="lpd"> |
<li id="lpd"> |
|
|
| access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) |
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) |
| may be used to mount an attack. |
may be used to mount an attack. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sendmail2"> |
<li id="sendmail2"> |
|
|
| that may allow an attacker on the local host to gain root privileges by |
that may allow an attacker on the local host to gain root privileges by |
| specifying out-of-bounds debug parameters. |
specifying out-of-bounds debug parameters. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="nfs"> |
<li id="nfs"> |
|
|
| privileges can initiate this attack. In default installs, only super-user has |
privileges can initiate this attack. In default installs, only super-user has |
| mount privileges. The kern.usermount <a href="http://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges. |
mount privileges. The kern.usermount <a href="http://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="pkg"> |
<li id="pkg"> |
|
|
| <a href="http://man.openbsd.org/?query=packages-specs&sektion=7&format=html">packages-specs(7)</a> |
<a href="http://man.openbsd.org/?query=packages-specs&sektion=7&format=html">packages-specs(7)</a> |
| for details). |
for details). |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| by forcing <code>/usr/sbin/pkg</code> to be more careful in checking |
by forcing <code>/usr/sbin/pkg</code> to be more careful in checking |
| version numbers. |
version numbers. |
|
|
| <font color="#009000"><strong>010: RELIABILITY FIX: Jul 9, 2001</strong></font><br> |
<font color="#009000"><strong>010: RELIABILITY FIX: Jul 9, 2001</strong></font><br> |
| The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text |
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text |
| mode palette upon exit of the X server. <a |
mode palette upon exit of the X server. <a |
| href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch"> |
href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| To avoid rebuilding the whole XFree86 tree, an updated binary driver |
To avoid rebuilding the whole XFree86 tree, an updated binary driver |
| is also available |
is also available |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/nv_drv.o">here</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/nv_drv.o">here</a>. |
| Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and |
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and |
| restart your X server. |
restart your X server. |
| <p> |
<p> |
|
|
| <font color="#009000"><strong>009: RELIABILITY FIX: Jun 23, 2001</strong></font><br> |
<font color="#009000"><strong>009: RELIABILITY FIX: Jun 23, 2001</strong></font><br> |
| The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
| corrupted /etc/XF86Config files. |
corrupted /etc/XF86Config files. |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/009_XF86Setup.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/009_XF86Setup.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a. |
It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a. |
| <p> |
<p> |
|
|
| and |
and |
| <a href="http://man.openbsd.org/?query=dump&sektion=8&format=html">dump(8)</a>. |
<a href="http://man.openbsd.org/?query=dump&sektion=8&format=html">dump(8)</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A race condition exists in the kernel <a href="http://man.openbsd.org/?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://man.openbsd.org/?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
A race condition exists in the kernel <a href="http://man.openbsd.org/?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://man.openbsd.org/?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sshcookie"> |
<li id="sshcookie"> |
|
|
| allows users to delete arbitrary files named "cookies" if X11 |
allows users to delete arbitrary files named "cookies" if X11 |
| forwarding is enabled. X11 forwarding is disabled by default. |
forwarding is enabled. X11 forwarding is disabled by default. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="pwd_mkdb"> |
<li id="pwd_mkdb"> |
|
|
| <a href="http://man.openbsd.org/?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
<a href="http://man.openbsd.org/?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
| corrupts /etc/pwd.db when modifying an existing user. |
corrupts /etc/pwd.db when modifying an existing user. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="isakmpd"> |
<li id="isakmpd"> |
|
|
| will fail to use a certificate with an identity string that is |
will fail to use a certificate with an identity string that is |
| exactly N * 8 bytes long. |
exactly N * 8 bytes long. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="cd_cover"> |
<li id="cd_cover"> |
|
|
| the old fts bug but happens when popping out of directories, as |
the old fts bug but happens when popping out of directories, as |
| opposed to descending into them. |
opposed to descending into them. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/002_fts.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/002_fts.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| This is the second version of the patch. |
This is the second version of the patch. |
| <p> |
<p> |
|
|
| context of a signal handler. This leads to potentially serious |
context of a signal handler. This leads to potentially serious |
| race conditions. At the moment this is a theoretical attack only |
race conditions. At the moment this is a theoretical attack only |
| and can only be exploited on the local host (if at all).<br> |
and can only be exploited on the local host (if at all).<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/001_sendmail.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/001_sendmail.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to errata29.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www