===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- www/errata29.html 2014/03/28 03:04:30 1.65
+++ www/errata29.html 2014/03/31 03:12:47 1.66
@@ -6,7 +6,6 @@
-
@@ -64,13 +63,16 @@
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
+
-
The patches below are available in CVS via the
+The patches below are available in CVS via the
OPENBSD_2_9
patch branch.
-
+
For more detailed information on how to install patches to OpenBSD, please
-consult the OpenBSD FAQ.
+consult the OpenBSD FAQ.
+
+
@@ -79,19 +81,22 @@
027: SECURITY FIX: June 25, 2002
A potential buffer overflow in the DNS resolver has been found.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
026: SECURITY FIX: May 8, 2002
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
025: SECURITY FIX: April 25, 2002
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
024: SECURITY FIX: April 22, 2002
@@ -101,7 +106,8 @@
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
023: SECURITY FIX: April 11, 2002
@@ -109,7 +115,8 @@
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
022: RELIABILITY FIX: March 13, 2002
@@ -119,22 +126,24 @@
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
021: SECURITY FIX: March 8, 2002
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
020: SECURITY FIX: February 20, 2002
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
019: SECURITY FIX: January 17, 2002
@@ -146,8 +155,8 @@
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
-A
-source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
017: SECURITY FIX: November 28, 2001
@@ -157,14 +166,16 @@
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
016: SECURITY FIX: November 13, 2001
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
015: SECURITY FIX: September 11, 2001
@@ -176,7 +187,8 @@
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
014: SECURITY FIX: August 29, 2001
@@ -187,7 +199,8 @@
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
013: SECURITY FIX: August 21, 2001
@@ -195,7 +208,8 @@
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
012: SECURITY FIX: July 30, 2001
@@ -205,7 +219,8 @@
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
011: RELIABILITY FIX: July 15, 2001
@@ -216,7 +231,8 @@
packages-specs(7)
for details).
-A source code patch exists which remedies the problem,
+
+A source code patch exists which remedies this problem.
by forcing /usr/sbin/pkg
to be more careful in checking
version numbers.
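Review bot: the added line in the 011 entry ends with a full stop where the removed line ended with a comma, but the unchanged context that follows still reads "by forcing /usr/sbin/pkg to be more careful in checking version numbers." That leaves a sentence fragment after "remedies this problem." Either keep the comma on the new line, or reword the continuation as its own sentence, as the XF86Setup hunk further down does with "It does so by linking ...".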
@@ -230,14 +246,16 @@
and
dump(8).
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
This is the second version of the patch.
007: SECURITY FIX: June 15, 2001
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
006: SECURITY FIX: June 12, 2001
@@ -245,14 +263,16 @@
allows users to delete arbitrary files named "cookies" if X11
forwarding is enabled. X11 forwarding is disabled by default.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
005: RELIABILITY FIX: June 7, 2001
pwd_mkdb(8)
corrupts /etc/pwd.db when modifying an existing user.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
004: RELIABILITY FIX: June 5, 2001
@@ -260,7 +280,8 @@
will fail to use a certificate with an identity string that is
exactly N * 8 bytes long.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
003: DOCUMENTATION FIX: June 1, 2001
@@ -278,7 +299,8 @@
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
-A source code patch exists which remedies the problem.
+
+A source code patch exists which remedies this problem.
This is the second version of the patch.
@@ -287,7 +309,8 @@
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
-A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
+
+A source code patch exists which remedies this problem.
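Review bot: the replacement line for the sendmail signal handler entry drops "by updating sendmail to version 8.11.4", and nothing else in the hunk carries that detail. The version number is what an administrator checks to confirm the fix is in place, so it should survive the rewording. A follow-on sentence such as "It does so by updating sendmail to version 8.11.4." would match how the XF86Setup hunk keeps its own detail.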
@@ -299,12 +322,11 @@
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
mode palette upon exit of the X server.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
To avoid rebuilding the whole XFree86 tree, an updated binary driver
is also available
-here
-. Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
+here.
+Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
restart your X server.
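Review bot: the NVIDIA entry changes "the problem" to "this problem" without the extra added line that every earlier hunk inserts before that sentence, and the XF86Setup hunk that follows does the same. If that added line is the new markup for the patch sentence, these two entries will end up formatted differently from the rest of the page. Worth confirming the omission is intentional.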
@@ -313,8 +335,8 @@
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
corrupted /etc/XF86Config files.
-A source code patch exists which remedies the problem by linking
-XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
+A source code patch exists which remedies this problem.
+It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be
necessary to disable the "USB Keyboard Support" and
@@ -322,12 +344,6 @@
keyboard controller doesn't acknowledge commands, confusing OpenBSD.
-
-
alpha
-
-- No problems identified yet.
-
-
mac68k
-
-
sparc
-
-- No problems identified yet.
-
-
-
-
amiga
-
-- No problems identified yet.
-
-
-
-
pmax
-
-- No problems identified yet.
-
-
-
-
hp300
-
-- No problems identified yet.
-
-
-
-
mvme68k
-
-- No problems identified yet.
-
-
-
-
powerpc
-
-- No problems identified yet.
-
-
-
-
vax
-
-- No problems identified yet.
-
-
-
-
sun3
-
-- No problems identified yet.
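Review bot: from alpha through sun3 the "No problems identified yet." lines are removed, while platform names such as alpha, sparc and amiga remain as unchanged context, so those headings are left with nothing under them. A reader can no longer tell "no errata for this platform" from "entry missing". Either keep an explicit statement under each heading or remove the empty headings in the same change.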