=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v retrieving revision 1.65 retrieving revision 1.66 diff -c -r1.65 -r1.66 *** www/errata29.html 2014/03/28 03:04:30 1.65 --- www/errata29.html 2014/03/31 03:12:47 1.66 *************** *** 6,12 **** - --- 6,11 ---- *************** *** 64,76 **** You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. !

The patches below are available in CVS via the OPENBSD_2_9 patch branch. -

For more detailed information on how to install patches to OpenBSD, please ! consult the OpenBSD FAQ.


--- 63,78 ---- You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. +

! The patches below are available in CVS via the OPENBSD_2_9 patch branch.

+ For more detailed information on how to install patches to OpenBSD, please ! consult the OpenBSD FAQ. !

!


*************** *** 79,97 ****
  • 027: SECURITY FIX: June 25, 2002
    A potential buffer overflow in the DNS resolver has been found.
    ! A source code patch exists which remedies the problem.

  • 026: SECURITY FIX: May 8, 2002
    A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a setuid or setgid process.
    ! A source code patch exists which remedies the problem.

  • 025: SECURITY FIX: April 25, 2002
    A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    ! A source code patch exists which remedies the problem.

  • 024: SECURITY FIX: April 22, 2002
    --- 81,102 ----
  • 027: SECURITY FIX: June 25, 2002
    A potential buffer overflow in the DNS resolver has been found.
    ! ! A source code patch exists which remedies this problem.

  • 026: SECURITY FIX: May 8, 2002
    A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a setuid or setgid process.
    ! ! A source code patch exists which remedies this problem.

  • 025: SECURITY FIX: April 25, 2002
    A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    ! ! A source code patch exists which remedies this problem.

  • 024: SECURITY FIX: April 22, 2002
    *************** *** 101,107 **** KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.
    ! A source code patch exists which remedies the problem.

  • 023: SECURITY FIX: April 11, 2002
    --- 106,113 ---- KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.
    ! ! A source code patch exists which remedies this problem.

  • 023: SECURITY FIX: April 11, 2002
    *************** *** 109,115 **** will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    ! A source code patch exists which remedies the problem.

  • 022: RELIABILITY FIX: March 13, 2002
    --- 115,122 ---- will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    ! ! A source code patch exists which remedies this problem.

  • 022: RELIABILITY FIX: March 13, 2002
    *************** *** 119,140 **** function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    ! A source code patch exists which remedies the problem.

  • 021: SECURITY FIX: March 8, 2002
    A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
    ! A source code patch exists which remedies the problem.

  • 020: SECURITY FIX: February 20, 2002
    A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account.
    ! A source code patch exists which remedies the problem.

  • 019: SECURITY FIX: January 17, 2002
    --- 126,149 ---- function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    ! ! A source code patch exists which remedies this problem.

  • 021: SECURITY FIX: March 8, 2002
    A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
    ! ! A source code patch exists which remedies this problem.

  • 020: SECURITY FIX: February 20, 2002
    A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account.
    ! ! A source code patch exists which remedies this problem.

  • 019: SECURITY FIX: January 17, 2002
    *************** *** 146,153 **** ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes the mailer an environment that is not subject to influence from the invoking user.
    ! A ! source code patch exists which remedies the problem.

  • 017: SECURITY FIX: November 28, 2001
    --- 155,162 ---- ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes the mailer an environment that is not subject to influence from the invoking user.
    ! ! A source code patch exists which remedies this problem.

  • 017: SECURITY FIX: November 28, 2001
    *************** *** 157,170 **** /etc/hosts.equiv) may be used to mount an attack and the attacker must have root access on the machine. OpenBSD does not start lpd in the default installation. ! A source code patch exists which remedies the problem.

  • 016: SECURITY FIX: November 13, 2001
    A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.
    ! A source code patch exists which remedies the problem.

  • 015: SECURITY FIX: September 11, 2001
    --- 166,181 ---- /etc/hosts.equiv) may be used to mount an attack and the attacker must have root access on the machine. OpenBSD does not start lpd in the default installation. ! ! A source code patch exists which remedies this problem.

  • 016: SECURITY FIX: November 13, 2001
    A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.
    ! ! A source code patch exists which remedies this problem.

  • 015: SECURITY FIX: September 11, 2001
    *************** *** 176,182 **** some UUCP commands are run as root (and daemon) from cron it is possible to leverage compromise of the UUCP user to gain root.
    ! A source code patch exists which remedies the problem.

  • 014: SECURITY FIX: August 29, 2001
    --- 187,194 ---- some UUCP commands are run as root (and daemon) from cron it is possible to leverage compromise of the UUCP user to gain root.
    ! ! A source code patch exists which remedies this problem.

  • 014: SECURITY FIX: August 29, 2001
    *************** *** 187,193 **** access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack.
    ! A source code patch exists which remedies the problem.

  • 013: SECURITY FIX: August 21, 2001
    --- 199,206 ---- access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack.
    ! ! A source code patch exists which remedies this problem.

  • 013: SECURITY FIX: August 21, 2001
    *************** *** 195,201 **** that may allow an attacker on the local host to gain root privileges by specifying out-of-bounds debug parameters.
    ! A source code patch exists which remedies the problem.

  • 012: SECURITY FIX: July 30, 2001
    --- 208,215 ---- that may allow an attacker on the local host to gain root privileges by specifying out-of-bounds debug parameters.
    ! ! A source code patch exists which remedies this problem.

  • 012: SECURITY FIX: July 30, 2001
    *************** *** 205,211 **** privileges can initiate this attack. In default installs, only super-user has mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
    ! A source code patch exists which remedies the problem.

  • 011: RELIABILITY FIX: July 15, 2001 --- 219,226 ---- privileges can initiate this attack. In default installs, only super-user has mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
    ! ! A source code patch exists which remedies this problem.

  • 011: RELIABILITY FIX: July 15, 2001 *************** *** 216,222 **** packages-specs(7) for details).
    ! A source code patch exists which remedies the problem, by forcing /usr/sbin/pkg to be more careful in checking version numbers.

    --- 231,238 ---- packages-specs(7) for details).
    ! ! A source code patch exists which remedies this problem. by forcing /usr/sbin/pkg to be more careful in checking version numbers.
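Review bot: in the new side of this hunk (231,238) the sentence now stops at "this problem." but the old continuation was left in place, so the entry reads "remedies this problem. by forcing /usr/sbin/pkg to be more careful in checking version numbers." with a lowercase fragment after the full stop. Either keep the original comma form or start a proper second sentence, as the XF86Setup hunk (313,320) does with "It does so by ...", so the description of what the patch changes stays readable.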

    *************** *** 230,243 **** and dump(8).
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • 007: SECURITY FIX: June 15, 2001
    A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
    ! A source code patch exists which remedies the problem.

  • 006: SECURITY FIX: June 12, 2001
    --- 246,261 ---- and dump(8).
    ! ! A source code patch exists which remedies this problem. This is the second version of the patch.

  • 007: SECURITY FIX: June 15, 2001
    A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
    ! ! A source code patch exists which remedies this problem.

  • 006: SECURITY FIX: June 12, 2001
    *************** *** 245,258 **** allows users to delete arbitrary files named "cookies" if X11 forwarding is enabled. X11 forwarding is disabled by default.
    ! A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: June 7, 2001
    pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user.
    ! A source code patch exists which remedies the problem.

  • 004: RELIABILITY FIX: June 5, 2001
    --- 263,278 ---- allows users to delete arbitrary files named "cookies" if X11 forwarding is enabled. X11 forwarding is disabled by default.
    ! ! A source code patch exists which remedies this problem.

  • 005: RELIABILITY FIX: June 7, 2001
    pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user.
    ! ! A source code patch exists which remedies this problem.

  • 004: RELIABILITY FIX: June 5, 2001
    *************** *** 260,266 **** will fail to use a certificate with an identity string that is exactly N * 8 bytes long.
    ! A source code patch exists which remedies the problem.

  • 003: DOCUMENTATION FIX: June 1, 2001
    --- 280,287 ---- will fail to use a certificate with an identity string that is exactly N * 8 bytes long.
    ! ! A source code patch exists which remedies this problem.

  • 003: DOCUMENTATION FIX: June 1, 2001
    *************** *** 278,284 **** the old fts bug but happens when popping out of directories, as opposed to descending into them.
    ! A source code patch exists which remedies the problem. This is the second version of the patch.

  • --- 299,306 ---- the old fts bug but happens when popping out of directories, as opposed to descending into them.
    ! ! A source code patch exists which remedies this problem. This is the second version of the patch.

  • *************** *** 287,293 **** context of a signal handler. This leads to potentially serious race conditions. At the moment this is a theoretical attack only and can only be exploited on the local host (if at all).
    ! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.

    --- 309,316 ---- context of a signal handler. This leads to potentially serious race conditions. At the moment this is a theoretical attack only and can only be exploited on the local host (if at all).
    ! ! A source code patch exists which remedies this problem.
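Review bot: the new line in 309,316 drops "by updating sendmail to version 8.11.4", which was the only place this entry said what the patch does and which sendmail version a patched system ends up running. Keep it as a second sentence after the link, for example "It does so by updating sendmail to version 8.11.4.", so an administrator checking whether a host is fixed still has a version to compare against.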

    *************** *** 299,310 **** The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text mode palette upon exit of the X server. ! A source code patch exists which remedies the problem. To avoid rebuilding the whole XFree86 tree, an updated binary driver is also available ! here ! . Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and restart your X server.

  • --- 322,332 ---- The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text mode palette upon exit of the X server. ! A source code patch exists which remedies this problem. To avoid rebuilding the whole XFree86 tree, an updated binary driver is also available ! here. ! Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and restart your X server.
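Review bot: the paragraph kept in 322,332 still tells readers to fetch a binary driver from "here" and copy it into /usr/X11R6/lib/modules/drivers/, with nothing in the text to verify the download against. Since these lines are being touched anyway, consider naming a checksum for the file next to the link, or stating that the source patch is the preferred route and the binary is a convenience.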

  • *************** *** 313,320 **** The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing corrupted /etc/XF86Config files. ! A source code patch exists which remedies the problem by linking ! XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.

  • When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be necessary to disable the "USB Keyboard Support" and --- 335,342 ---- The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing corrupted /etc/XF86Config files. ! A source code patch exists which remedies this problem. ! It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.

  • When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be necessary to disable the "USB Keyboard Support" and *************** *** 322,333 **** keyboard controller doesn't acknowledge commands, confusing OpenBSD.

    - -

    alpha

    - -

    mac68k

    - -

    sparc

    - -

    - -

    amiga

    - -

    - -

    pmax

    - -

    - -

    hp300

    - -

    - -

    mvme68k

    - -

    - -

    powerpc

    - -

    - -

    vax

    - -

    - -

    sun3

    - --- 365,370 ----