version 1.72, 2014/10/02 14:34:45 |
version 1.73, 2015/02/14 04:36:51 |
|
|
<hr> |
<hr> |
|
|
<ul> |
<ul> |
<li><a name="resolver"></a> |
<li id="resolver"> |
<font color="#009000"><strong>027: SECURITY FIX: June 25, 2002</strong></font> |
<font color="#009000"><strong>027: SECURITY FIX: June 25, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A potential buffer overflow in the DNS resolver has been found.<br> |
A potential buffer overflow in the DNS resolver has been found.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="fdalloc2"></a> |
<li id="fdalloc2"> |
<font color="#009000"><strong>026: SECURITY FIX: May 8, 2002</strong></font> |
<font color="#009000"><strong>026: SECURITY FIX: May 8, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A race condition exists where an attacker could fill the file descriptor |
A race condition exists where an attacker could fill the file descriptor |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="sudo2"></a> |
<li id="sudo2"> |
<font color="#009000"><strong>025: SECURITY FIX: April 25, 2002</strong></font> |
<font color="#009000"><strong>025: SECURITY FIX: April 25, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/025_sudo.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="sshafs"></a> |
<li id="sshafs"> |
<font color="#009000"><strong>024: SECURITY FIX: April 22, 2002</strong></font> |
<font color="#009000"><strong>024: SECURITY FIX: April 22, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A local user can gain super-user privileges due to a buffer overflow |
A local user can gain super-user privileges due to a buffer overflow |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="mail"></a> |
<li id="mail"> |
<font color="#009000"><strong>023: SECURITY FIX: April 11, 2002</strong></font> |
<font color="#009000"><strong>023: SECURITY FIX: April 11, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="zlib"></a> |
<li id="zlib"> |
<font color="#009000"><strong>022: RELIABILITY FIX: March 13, 2002</strong></font> |
<font color="#009000"><strong>022: RELIABILITY FIX: March 13, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Under some circumstances the zlib compression library can free dynamically |
Under some circumstances the zlib compression library can free dynamically |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/022_zlib.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="openssh"></a> |
<li id="openssh"> |
<font color="#009000"><strong>021: SECURITY FIX: March 8, 2002</strong></font> |
<font color="#009000"><strong>021: SECURITY FIX: March 8, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A local user can gain super-user privileges due to an off-by-one check |
A local user can gain super-user privileges due to an off-by-one check |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/021_openssh.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/021_openssh.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="ptrace"></a> |
<li id="ptrace"> |
<font color="#009000"><strong>020: SECURITY FIX: February 20, 2002</strong></font> |
<font color="#009000"><strong>020: SECURITY FIX: February 20, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A race condition between the ptrace(2) and execve(2) system calls allows |
A race condition between the ptrace(2) and execve(2) system calls allows |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="sudo"></a> |
<li id="sudo"> |
<font color="#009000"><strong>019: SECURITY FIX: January 17, 2002</strong></font> |
<font color="#009000"><strong>019: SECURITY FIX: January 17, 2002</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If the Postfix sendmail replacement is installed on a system an |
If the Postfix sendmail replacement is installed on a system an |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/019_sudo.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/019_sudo.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="missing"></a> |
<li id="missing"> |
<font color="#00900"><strong>018: INSTALL PROBLEM: Dec 11, 2001</strong></font><br> |
<font color="#00900"><strong>018: INSTALL PROBLEM: Dec 11, 2001</strong></font><br> |
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These |
The X binary sets shipped with OpenBSD 2.9 do not contain several files. These |
missing files can be added manually from the sparc tarballs after the |
missing files can be added manually from the sparc tarballs after the |
|
|
# cd /usr/X11R6/bin/; ln -fs Xmac68k X |
# cd /usr/X11R6/bin/; ln -fs Xmac68k X |
</pre> |
</pre> |
<p> |
<p> |
<li><a name="lpd2"></a> |
<li id="lpd2"> |
<font color="#009000"><strong>017: SECURITY FIX: November 28, 2001</strong></font> |
<font color="#009000"><strong>017: SECURITY FIX: November 28, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security issue exists in the lpd daemon that may allow an attacker |
A security issue exists in the lpd daemon that may allow an attacker |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="vi.recover"></a> |
<li id="vi.recover"> |
<font color="#009000"><strong>016: SECURITY FIX: November 13, 2001</strong></font> |
<font color="#009000"><strong>016: SECURITY FIX: November 13, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security issue exists in the vi.recover script that may allow an attacker |
A security issue exists in the vi.recover script that may allow an attacker |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="uucp"></a> |
<li id="uucp"> |
<font color="#009000"><strong>015: SECURITY FIX: September 11, 2001</strong></font> |
<font color="#009000"><strong>015: SECURITY FIX: September 11, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="lpd"></a> |
<li id="lpd"> |
<font color="#009000"><strong>014: SECURITY FIX: August 29, 2001</strong></font> |
<font color="#009000"><strong>014: SECURITY FIX: August 29, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="sendmail2"></a> |
<li id="sendmail2"> |
<font color="#009000"><strong>013: SECURITY FIX: August 21, 2001</strong></font> |
<font color="#009000"><strong>013: SECURITY FIX: August 21, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="nfs"></a> |
<li id="nfs"> |
<font color="#009000"><strong>012: SECURITY FIX: July 30, 2001</strong></font> |
<font color="#009000"><strong>012: SECURITY FIX: July 30, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A kernel buffer overflow exists in the NFS mount code. An attacker may |
A kernel buffer overflow exists in the NFS mount code. An attacker may |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="pkg"></a> |
<li id="pkg"> |
<font color="#009000"><strong>011: RELIABILITY FIX: July 15, 2001</strong></font> |
<font color="#009000"><strong>011: RELIABILITY FIX: July 15, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The |
The |
|
|
by forcing <code>/usr/sbin/pkg</code> to be more careful in checking |
by forcing <code>/usr/sbin/pkg</code> to be more careful in checking |
version numbers. |
version numbers. |
<p> |
<p> |
<li><a name="nvidia"></a> |
<li id="nvidia"> |
<font color="#009000"><strong>010: RELIABILITY FIX: Jul 9, 2001</strong></font><br> |
<font color="#009000"><strong>010: RELIABILITY FIX: Jul 9, 2001</strong></font><br> |
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text |
The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text |
mode palette upon exit of the X server. <a |
mode palette upon exit of the X server. <a |
|
|
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and |
Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and |
restart your X server. |
restart your X server. |
<p> |
<p> |
<li><a name="XF86Setup"></a> |
<li id="XF86Setup"> |
<font color="#009000"><strong>009: RELIABILITY FIX: Jun 23, 2001</strong></font><br> |
<font color="#009000"><strong>009: RELIABILITY FIX: Jun 23, 2001</strong></font><br> |
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing |
corrupted /etc/XF86Config files. |
corrupted /etc/XF86Config files. |
|
|
"USB Mouse Support" options in the BIOS. Otherwise, the i8042 |
"USB Mouse Support" options in the BIOS. Otherwise, the i8042 |
keyboard controller doesn't acknowledge commands, confusing OpenBSD. |
keyboard controller doesn't acknowledge commands, confusing OpenBSD. |
<p> |
<p> |
<li><a name="twe"></a> |
<li id="twe"> |
<font color="#009000"><strong>008: RELIABILITY FIX: June 15, 2001</strong></font> |
<font color="#009000"><strong>008: RELIABILITY FIX: June 15, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
<li><a name="kernexec"></a> |
<li id="kernexec"> |
<font color="#009000"><strong>007: SECURITY FIX: June 15, 2001</strong></font> |
<font color="#009000"><strong>007: SECURITY FIX: June 15, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process. |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="sshcookie"></a> |
<li id="sshcookie"> |
<font color="#009000"><strong>006: SECURITY FIX: June 12, 2001</strong></font> |
<font color="#009000"><strong>006: SECURITY FIX: June 12, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="pwd_mkdb"></a> |
<li id="pwd_mkdb"> |
<font color="#009000"><strong>005: RELIABILITY FIX: June 7, 2001</strong></font> |
<font color="#009000"><strong>005: RELIABILITY FIX: June 7, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="isakmpd"></a> |
<li id="isakmpd"> |
<font color="#009000"><strong>004: RELIABILITY FIX: June 5, 2001</strong></font> |
<font color="#009000"><strong>004: RELIABILITY FIX: June 5, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><a name="cd_cover"></a> |
<li id="cd_cover"> |
<font color="#009000"><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font> |
<font color="#009000"><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. |
The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true. |
|
|
3.3.6 Xservers have also been included, because 4.0.3 still has weak support for |
3.3.6 Xservers have also been included, because 4.0.3 still has weak support for |
some devices which 3.3.6 supported better. |
some devices which 3.3.6 supported better. |
<p> |
<p> |
<li><a name="fts"></a> |
<li id="fts"> |
<font color="#009000"><strong>002: SECURITY FIX: May 30, 2001</strong></font> |
<font color="#009000"><strong>002: SECURITY FIX: May 30, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a> |
Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
<li><a name="sendmail"></a> |
<li id="sendmail"> |
<font color="#009000"><strong>001: SECURITY FIX: May 29, 2001</strong></font> |
<font color="#009000"><strong>001: SECURITY FIX: May 29, 2001</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |
The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the |