=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v retrieving revision 1.54 retrieving revision 1.55 diff -c -r1.54 -r1.55 *** www/errata29.html 2010/03/08 21:53:37 1.54 --- www/errata29.html 2010/07/08 19:00:07 1.55 *************** *** 53,59 ****
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 53,59 ----
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 71,89 ****
  • 027: SECURITY FIX: June 25, 2002
    A potential buffer overflow in the DNS resolver has been found.
    ! A source code patch exists which remedies the problem.

  • 026: SECURITY FIX: May 8, 2002
    A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a setuid or setgid process.
    ! A source code patch exists which remedies the problem.

  • 025: SECURITY FIX: April 25, 2002
    A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    ! A source code patch exists which remedies the problem.

  • 024: SECURITY FIX: April 22, 2002
    --- 71,89 ----
  • 027: SECURITY FIX: June 25, 2002
    A potential buffer overflow in the DNS resolver has been found.
    ! A source code patch exists which remedies the problem.

  • 026: SECURITY FIX: May 8, 2002
    A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a setuid or setgid process.
    ! A source code patch exists which remedies the problem.

  • 025: SECURITY FIX: April 25, 2002
    A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    ! A source code patch exists which remedies the problem.

  • 024: SECURITY FIX: April 22, 2002
    *************** *** 93,99 **** KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.
    ! A source code patch exists which remedies the problem.

  • 023: SECURITY FIX: April 11, 2002
    --- 93,99 ---- KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.
    ! A source code patch exists which remedies the problem.

  • 023: SECURITY FIX: April 11, 2002
    *************** *** 101,107 **** will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    ! A source code patch exists which remedies the problem.

  • 022: RELIABILITY FIX: March 13, 2002
    --- 101,107 ---- will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    ! A source code patch exists which remedies the problem.

  • 022: RELIABILITY FIX: March 13, 2002
    *************** *** 111,124 **** function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    ! A source code patch exists which remedies the problem.

  • 021: SECURITY FIX: March 8, 2002
    A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
    ! A source code patch exists which remedies the problem.

  • --- 111,124 ---- function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    ! A source code patch exists which remedies the problem.

  • 021: SECURITY FIX: March 8, 2002
    A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
    ! A source code patch exists which remedies the problem.

  • *************** *** 126,132 **** A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account.
    ! A source code patch exists which remedies the problem.

  • 019: SECURITY FIX: January 17, 2002
    --- 126,132 ---- A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account.
    ! A source code patch exists which remedies the problem.

  • 019: SECURITY FIX: January 17, 2002
    *************** *** 138,144 **** ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes the mailer an environment that is not subject to influence from the invoking user.
    ! A source code patch exists which remedies the problem.

  • --- 138,144 ---- ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes the mailer an environment that is not subject to influence from the invoking user.
    ! A source code patch exists which remedies the problem.

  • *************** *** 149,162 **** /etc/hosts.equiv) may be used to mount an attack and the attacker must have root access on the machine. OpenBSD does not start lpd in the default installation. ! A source code patch exists which remedies the problem.

  • 016: SECURITY FIX: November 13, 2001
    A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.
    ! A source code patch exists which remedies the problem.

  • 015: SECURITY FIX: September 11, 2001
    --- 149,162 ---- /etc/hosts.equiv) may be used to mount an attack and the attacker must have root access on the machine. OpenBSD does not start lpd in the default installation. ! A source code patch exists which remedies the problem.

  • 016: SECURITY FIX: November 13, 2001
    A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.
    ! A source code patch exists which remedies the problem.

  • 015: SECURITY FIX: September 11, 2001
    *************** *** 168,174 **** some UUCP commands are run as root (and daemon) from cron it is possible to leverage compromise of the UUCP user to gain root.
    ! A source code patch exists which remedies the problem.

  • 014: SECURITY FIX: August 29, 2001
    --- 168,174 ---- some UUCP commands are run as root (and daemon) from cron it is possible to leverage compromise of the UUCP user to gain root.
    ! A source code patch exists which remedies the problem.

  • 014: SECURITY FIX: August 29, 2001
    *************** *** 179,185 **** access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack.
    ! A source code patch exists which remedies the problem.

  • 013: SECURITY FIX: August 21, 2001
    --- 179,185 ---- access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack.
    ! A source code patch exists which remedies the problem.

  • 013: SECURITY FIX: August 21, 2001
    *************** *** 187,193 **** that may allow an attacker on the local host to gain root privileges by specifying out-of-bounds debug parameters.
    ! A source code patch exists which remedies the problem.

  • 012: SECURITY FIX: July 30, 2001
    --- 187,193 ---- that may allow an attacker on the local host to gain root privileges by specifying out-of-bounds debug parameters.
    ! A source code patch exists which remedies the problem.

  • 012: SECURITY FIX: July 30, 2001
    *************** *** 197,203 **** privileges can initiate this attack. In default installs, only super-user has mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
    ! A source code patch exists which remedies the problem.

  • 011: RELIABILITY FIX: July 15, 2001 --- 197,203 ---- privileges can initiate this attack. In default installs, only super-user has mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
    ! A source code patch exists which remedies the problem.

  • 011: RELIABILITY FIX: July 15, 2001 *************** *** 208,214 **** packages-specs(7) for details).
    ! A source code patch exists which remedies the problem, by forcing /usr/sbin/pkg to be more careful in checking version numbers.

    --- 208,214 ---- packages-specs(7) for details).
    ! A source code patch exists which remedies the problem, by forcing /usr/sbin/pkg to be more careful in checking version numbers.

    *************** *** 222,235 **** and dump(8).
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • 007: SECURITY FIX: June 15, 2001
    A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
    ! A source code patch exists which remedies the problem.

  • 006: SECURITY FIX: June 12, 2001
    --- 222,235 ---- and dump(8).
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • 007: SECURITY FIX: June 15, 2001
    A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
    ! A source code patch exists which remedies the problem.

  • 006: SECURITY FIX: June 12, 2001
    *************** *** 237,250 **** allows users to delete arbitrary files named "cookies" if X11 forwarding is enabled. X11 forwarding is disabled by default.
    ! A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: June 7, 2001
    pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user.
    ! A source code patch exists which remedies the problem.

  • 004: RELIABILITY FIX: June 5, 2001
    --- 237,250 ---- allows users to delete arbitrary files named "cookies" if X11 forwarding is enabled. X11 forwarding is disabled by default.
    ! A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: June 7, 2001
    pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user.
    ! A source code patch exists which remedies the problem.

  • 004: RELIABILITY FIX: June 5, 2001
    *************** *** 252,258 **** will fail to use a certificate with an identity string that is exactly N * 8 bytes long.
    ! A source code patch exists which remedies the problem.

  • 003: DOCUMENTATION FIX: June 1, 2001
    --- 252,258 ---- will fail to use a certificate with an identity string that is exactly N * 8 bytes long.
    ! A source code patch exists which remedies the problem.

  • 003: DOCUMENTATION FIX: June 1, 2001
    *************** *** 270,276 **** the old fts bug but happens when popping out of directories, as opposed to descending into them.
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • --- 270,276 ---- the old fts bug but happens when popping out of directories, as opposed to descending into them.
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • *************** *** 279,285 **** context of a signal handler. This leads to potentially serious race conditions. At the moment this is a theoretical attack only and can only be exploited on the local host (if at all).
    ! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.

    --- 279,285 ---- context of a signal handler. This leads to potentially serious race conditions. At the moment this is a theoretical attack only and can only be exploited on the local host (if at all).
    ! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.

    *************** *** 290,301 **** 2001
    The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text mode palette upon exit of the X server. A source code patch exists which remedies the problem. To avoid rebuilding the whole XFree86 tree, an updated binary driver is also available here . Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and restart your X server.

    --- 290,301 ---- 2001
    The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text mode palette upon exit of the X server. A source code patch exists which remedies the problem. To avoid rebuilding the whole XFree86 tree, an updated binary driver is also available here . Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and restart your X server.

    *************** *** 304,310 **** 2001
    The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing corrupted /etc/XF86Config files. ! A source code patch exists which remedies the problem by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.

    --- 304,310 ---- 2001
    The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing corrupted /etc/XF86Config files. ! A source code patch exists which remedies the problem by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.

    *************** *** 329,337 **** missing files can be added manually from the sparc tarballs after the installation:
    Grab the ! xbase29.tgz and ! xshare29.tgz files found in the 2.9/sparc directory on the CD, or any FTP site. The missing files can be installed by using the following commands: 

    --- 329,337 ----
  missing files can be added manually from the sparc tarballs after the
  installation:
    
  Grab the
! xbase29.tgz
  and
! xshare29.tgz
  files found in the 2.9/sparc directory on the CD, or any FTP site.  The missing
  files can be installed by using the following commands:
  
    ***************
*** 427,433 ****
  
    
  OpenBSD 
  www@openbsd.org
! 
    $OpenBSD: errata29.html,v 1.54 2010/03/08 21:53:37 deraadt Exp $
  
  
  
--- 427,433 ----
  
    
  OpenBSD 
  www@openbsd.org
! 
    $OpenBSD: errata29.html,v 1.55 2010/07/08 19:00:07 sthen Exp $