=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata29.html,v retrieving revision 1.85 retrieving revision 1.86 diff -u -r1.85 -r1.86 --- www/errata29.html 2016/08/15 02:22:06 1.85 +++ www/errata29.html 2016/10/16 19:11:29 1.86 @@ -70,7 +70,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -90,7 +90,7 @@ 027: SECURITY FIX: June 25, 2002   All architectures
A potential buffer overflow in the DNS resolver has been found.
- + A source code patch exists which remedies this problem.

  • @@ -99,14 +99,14 @@ A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a setuid or setgid process.
    - + A source code patch exists which remedies this problem.

  • 025: SECURITY FIX: April 25, 2002   All architectures
    A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    - + A source code patch exists which remedies this problem.

  • @@ -118,7 +118,7 @@ KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.
    - + A source code patch exists which remedies this problem.

  • @@ -128,7 +128,7 @@ will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    - + A source code patch exists which remedies this problem.

  • @@ -140,7 +140,7 @@ function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    - + A source code patch exists which remedies this problem.

  • @@ -148,7 +148,7 @@   All architectures
    A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
    - + A source code patch exists which remedies this problem.

  • @@ -157,7 +157,7 @@ A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account.
    - + A source code patch exists which remedies this problem.

  • @@ -171,7 +171,7 @@ ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes the mailer an environment that is not subject to influence from the invoking user.
    - + A source code patch exists which remedies this problem.

  • @@ -180,9 +180,9 @@ missing files can be added manually from the sparc tarballs after the installation:
    Grab the -xbase29.tgz +xbase29.tgz and -xshare29.tgz +xshare29.tgz files found in the 2.9/sparc directory on the CD, or any FTP site. The missing files can be installed by using the following commands: 
    @@ -200,7 +200,7 @@
 /etc/hosts.equiv) may be used to mount an attack and the attacker
 must have root access on the machine.  OpenBSD does not start lpd
 in the default installation.
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -209,7 +209,7 @@
 A security issue exists in the vi.recover script that may allow an attacker
 to remove arbitrary zero-length files, regardless of ownership.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -223,7 +223,7 @@
 some UUCP commands are run as root (and daemon) from cron it is possible
 to leverage compromise of the UUCP user to gain root.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -236,7 +236,7 @@
 access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
 may be used to mount an attack.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -246,7 +246,7 @@
 that may allow an attacker on the local host to gain root privileges by
 specifying out-of-bounds debug parameters.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -258,7 +258,7 @@
 privileges can initiate this attack.  In default installs, only super-user has
 mount privileges.  The kern.usermount sysctl(3) controls whether other users have mount privileges.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -270,7 +270,7 @@
 packages-specs(7)
 for details).
 
    
-
+
 A source code patch exists which remedies this problem.
 by forcing /usr/sbin/pkg to be more careful in checking
 version numbers.
@@ -279,11 +279,11 @@
 010: RELIABILITY FIX: Jul 9, 2001
    
 The NVIDIA driver for XFree86 4.0.3 is incorrectly restoring the text
 mode palette upon exit of the X server. 
+href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch">
 A source code patch exists which remedies this problem.
 To avoid rebuilding the whole XFree86 tree, an updated binary driver
 is also available
-here.
+here.
 Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
 restart your X server.
 
    
@@ -291,7 +291,7 @@
 009: RELIABILITY FIX: Jun 23, 2001
    
 The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
 corrupted /etc/XF86Config files.
-
+
 A source code patch exists which remedies this problem.
 It does so by linking XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
 
    
@@ -310,7 +310,7 @@
 and
 dump(8).
 
    
-
+
 A source code patch exists which remedies this problem.
 This is the second version of the patch.
 
    
@@ -319,7 +319,7 @@
   All architectures
    
 A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -329,7 +329,7 @@
 allows users to delete arbitrary files named "cookies" if X11
 forwarding is enabled. X11 forwarding is disabled by default.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -338,7 +338,7 @@
 pwd_mkdb(8)
 corrupts /etc/pwd.db when modifying an existing user.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -348,7 +348,7 @@
 will fail to use a certificate with an identity string that is
 exactly N * 8 bytes long.
 
    
-
+
 A source code patch exists which remedies this problem.
 
    
 
  • 
@@ -369,7 +369,7 @@
 the old fts bug but happens when popping out of directories, as
 opposed to descending into them.
 
    
-
+
 A source code patch exists which remedies this problem.
 This is the second version of the patch.
 
    
@@ -380,7 +380,7 @@
 context of a signal handler.  This leads to potentially serious
 race conditions.  At the moment this is a theoretical attack only
 and can only be exploited on the local host (if at all).
    
-
+
 A source code patch exists which remedies this problem.