===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v
retrieving revision 1.65
retrieving revision 1.66
diff -c -r1.65 -r1.66
*** www/errata29.html 2014/03/28 03:04:30 1.65
--- www/errata29.html 2014/03/31 03:12:47 1.66
***************
*** 6,12 ****
-
--- 6,11 ----
***************
*** 64,76 ****
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
!
The patches below are available in CVS via the
OPENBSD_2_9
patch branch.
-
For more detailed information on how to install patches to OpenBSD, please
! consult the OpenBSD FAQ.
--- 63,78 ----
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
+
! The patches below are available in CVS via the
OPENBSD_2_9
patch branch.
+
For more detailed information on how to install patches to OpenBSD, please
! consult the OpenBSD FAQ.
!
!
***************
*** 79,97 ****
027: SECURITY FIX: June 25, 2002
A potential buffer overflow in the DNS resolver has been found.
! A source code patch exists which remedies the problem.
026: SECURITY FIX: May 8, 2002
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
! A source code patch exists which remedies the problem.
025: SECURITY FIX: April 25, 2002
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
! A source code patch exists which remedies the problem.
024: SECURITY FIX: April 22, 2002
--- 81,102 ----
027: SECURITY FIX: June 25, 2002
A potential buffer overflow in the DNS resolver has been found.
!
! A source code patch exists which remedies this problem.
026: SECURITY FIX: May 8, 2002
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
!
! A source code patch exists which remedies this problem.
025: SECURITY FIX: April 25, 2002
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
!
! A source code patch exists which remedies this problem.
024: SECURITY FIX: April 22, 2002
***************
*** 101,107 ****
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
! A source code patch exists which remedies the problem.
023: SECURITY FIX: April 11, 2002
--- 106,113 ----
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
!
! A source code patch exists which remedies this problem.
023: SECURITY FIX: April 11, 2002
***************
*** 109,115 ****
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
! A source code patch exists which remedies the problem.
022: RELIABILITY FIX: March 13, 2002
--- 115,122 ----
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
!
! A source code patch exists which remedies this problem.
022: RELIABILITY FIX: March 13, 2002
***************
*** 119,140 ****
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
! A source code patch exists which remedies the problem.
021: SECURITY FIX: March 8, 2002
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
! A source code patch exists which remedies the problem.
020: SECURITY FIX: February 20, 2002
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
! A source code patch exists which remedies the problem.
019: SECURITY FIX: January 17, 2002
--- 126,149 ----
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
!
! A source code patch exists which remedies this problem.
021: SECURITY FIX: March 8, 2002
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
!
! A source code patch exists which remedies this problem.
020: SECURITY FIX: February 20, 2002
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
!
! A source code patch exists which remedies this problem.
019: SECURITY FIX: January 17, 2002
***************
*** 146,153 ****
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
! A
! source code patch exists which remedies the problem.
017: SECURITY FIX: November 28, 2001
--- 155,162 ----
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
!
! A source code patch exists which remedies this problem.
017: SECURITY FIX: November 28, 2001
***************
*** 157,170 ****
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
! A source code patch exists which remedies the problem.
016: SECURITY FIX: November 13, 2001
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
! A source code patch exists which remedies the problem.
015: SECURITY FIX: September 11, 2001
--- 166,181 ----
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
!
! A source code patch exists which remedies this problem.
016: SECURITY FIX: November 13, 2001
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
!
! A source code patch exists which remedies this problem.
015: SECURITY FIX: September 11, 2001
***************
*** 176,182 ****
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
! A source code patch exists which remedies the problem.
014: SECURITY FIX: August 29, 2001
--- 187,194 ----
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
!
! A source code patch exists which remedies this problem.
014: SECURITY FIX: August 29, 2001
***************
*** 187,193 ****
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
! A source code patch exists which remedies the problem.
013: SECURITY FIX: August 21, 2001
--- 199,206 ----
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
!
! A source code patch exists which remedies this problem.
013: SECURITY FIX: August 21, 2001
***************
*** 195,201 ****
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
! A source code patch exists which remedies the problem.
012: SECURITY FIX: July 30, 2001
--- 208,215 ----
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
!
! A source code patch exists which remedies this problem.
012: SECURITY FIX: July 30, 2001
***************
*** 205,211 ****
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
! A source code patch exists which remedies the problem.
011: RELIABILITY FIX: July 15, 2001
--- 219,226 ----
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
!
! A source code patch exists which remedies this problem.
011: RELIABILITY FIX: July 15, 2001
***************
*** 216,222 ****
packages-specs(7)
for details).
! A source code patch exists which remedies the problem,
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
--- 231,238 ----
packages-specs(7)
for details).
!
! A source code patch exists which remedies this problem.
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
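Review bot: The changed line in the 011 entry now ends the sentence with a period ("remedies this problem."), but the unchanged lines that follow, "by forcing /usr/sbin/pkg to be more careful in checking version numbers.", still continue the old sentence and are left as a fragment. Either keep the comma on this line or reword the continuation as its own sentence, the way the XF86Setup entry in this same revision does with "It does so by linking ...".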
***************
*** 230,243 ****
and
dump(8).
! A source code patch exists which remedies the problem.
This is the second version of the patch.
007: SECURITY FIX: June 15, 2001
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
! A source code patch exists which remedies the problem.
006: SECURITY FIX: June 12, 2001
--- 246,261 ----
and
dump(8).
!
! A source code patch exists which remedies this problem.
This is the second version of the patch.
007: SECURITY FIX: June 15, 2001
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
!
! A source code patch exists which remedies this problem.
006: SECURITY FIX: June 12, 2001
***************
*** 245,258 ****
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
! A source code patch exists which remedies the problem.
005: RELIABILITY FIX: June 7, 2001
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
! A source code patch exists which remedies the problem.
004: RELIABILITY FIX: June 5, 2001
--- 263,278 ----
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
!
! A source code patch exists which remedies this problem.
005: RELIABILITY FIX: June 7, 2001
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
!
! A source code patch exists which remedies this problem.
004: RELIABILITY FIX: June 5, 2001
***************
*** 260,266 ****
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
! A source code patch exists which remedies the problem.
003: DOCUMENTATION FIX: June 1, 2001
--- 280,287 ----
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
!
! A source code patch exists which remedies this problem.
003: DOCUMENTATION FIX: June 1, 2001
***************
*** 278,284 ****
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
! A source code patch exists which remedies the problem.
This is the second version of the patch.
--- 299,306 ----
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
!
! A source code patch exists which remedies this problem.
This is the second version of the patch.
***************
*** 287,293 ****
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
--- 309,316 ----
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
!
! A source code patch exists which remedies this problem.
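Review bot: The replacement line in the signal-handler entry drops the clause "by updating sendmail to version 8.11.4" that the old line carried, so the entry no longer states which sendmail version contains the fix. That is a loss of content rather than a wording cleanup; keep it as a second sentence after "remedies this problem.", so a reader can still tell from the page which version to look for.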
***************
*** 299,310 ****
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
! A source code patch exists which remedies the problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
! here
! . Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
--- 322,332 ----
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
! A source code patch exists which remedies this problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
! here.
! Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
***************
*** 313,320 ****
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
! A source code patch exists which remedies the problem by linking
! XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be
necessary to disable the "USB Keyboard Support" and
--- 335,342 ----
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
! A source code patch exists which remedies this problem.
! It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be
necessary to disable the "USB Keyboard Support" and
***************
*** 322,333 ****
keyboard controller doesn't acknowledge commands, confusing OpenBSD.
-
-
alpha
-
- - No problems identified yet.
-
-
mac68k
--- 344,349 ----
***************
*** 349,400 ****
-
-
sparc
-
- - No problems identified yet.
-
-
-
-
amiga
-
- - No problems identified yet.
-
-
-
-
pmax
-
- - No problems identified yet.
-
-
-
-
hp300
-
- - No problems identified yet.
-
-
-
-
mvme68k
-
- - No problems identified yet.
-
-
-
-
powerpc
-
- - No problems identified yet.
-
-
-
-
vax
-
- - No problems identified yet.
-
-
-
-
sun3
-
- - No problems identified yet.
--- 365,370 ----
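Review bot: The removed lines at 349-400 delete the sparc, amiga, pmax, hp300, mvme68k, powerpc, vax and sun3 headings along with their "No problems identified yet." entries, and the new side shows nothing in their place. After this change a reader on one of those platforms cannot tell "no known problems" apart from "platform not covered by this page". If the headings are to go, add one line near the platform list saying that architectures not listed have no platform-specific errata.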