Annotation of www/errata29.html, Revision 1.2
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD 2.9 errata</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-2001 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <h2><font color=#0000e0>
17: This is the OpenBSD 2.9 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
27: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
28: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
29: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
30: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
31: <a href=errata.html>For 3.0 errata, please refer here</a>.<br>
32: <hr>
33:
34: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9.tar.gz>
35: You can also fetch a tar.gz file containing all the following patches</a>.
36: This file is updated once a day.
37:
38: <p> The patches below are available in CVS via the
39: <code>OPENBSD_2_9</code> <a href="stable.html">patch branch</a>.
40:
41: <p>
42: For more detailed information on install patches to OpenBSD, please
43: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
44: <hr>
45:
46: <dl>
47: <a name=all></a>
48: <li><h3><font color=#e00000>All architectures</font></h3>
49: <ul>
1.2 ! millert 50: <a name=vi.recover>
! 51: <li><font color=#009000><strong>016: SECURITY FIX: November 13, 2001</strong></font><br>
! 52: A security issue exists in the vi.recover script that may allow an attacker
! 53: to remove arbitrary zero-length files, regardless of ownership.
! 54: <br>
! 55: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch">A source code patch exists which remedies the problem</a>
! 56: <p>
1.1 deraadt 57: <a name=uucp>
58: <li><font color=#009000><strong>015: SECURITY FIX: September 11, 2001</strong></font><br>
59: A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uuxqt&sektion=8">uuxqt(8)</a>
60: that may allow an attacker to run arbitrary commands as user uucp and
61: use this to gain root access.
62: The UUCP execution daemon, uuxqt(8), has a bug in its command line
63: parsing routine that may allow arbitrary commands to be run. Because
64: some UUCP commands are run as root (and daemon) from cron it is possible
65: to leverage compromise of the UUCP user to gain root.
66: <br>
67: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/015_uucp.patch">A source code patch exists which remedies the problem</a>
68: <p>
69: <a name=lpd>
70: <li><font color=#009000><strong>014: SECURITY FIX: August 29, 2001</strong></font><br>
71: A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>
72: that may allow an attacker with line printer access to gain root
73: privileges. A machine must be running lpd to be vulnerable (OpenBSD
74: does not start lpd by default). Only machines with line printer
75: access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
76: may be used to mount an attack.
77: <br>
78: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/014_lpd.patch">A source code patch exists which remedies the problem</a>
79: <p>
80: <a name=sendmail2>
81: <li><font color=#009000><strong>013: SECURITY FIX: August 21, 2001</strong></font><br>
82: A security hole exists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
83: that may allow an attacker on the local host to gain root privileges by
84: specifying out-of-bounds debug parameters.
85: <br>
86: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/013_sendmail.patch">A source code patch exists which remedies the problem</a>
87: <p>
88: <a name=nfs>
89: <li><font color=#009000><strong>012: SECURITY FIX: July 30, 2001</strong></font><br>
90: A kernel buffer overflow exists in the NFS mount code. An attacker may
91: use this overflow to execute arbitrary code in kernel mode. However,
92: only users with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=2">mount(2)</a>
93: privileges can initiate this attack. In default installs, only super-user has
94: mount privileges. The kern.usermount <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> controls whether other users have mount privileges.
95: <br>
96: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch">A source code patch exists which remedies the problem</a>
97: <p>
98: <a name=pkg></a>
99: <li><font color=#009000><strong>011: RELIABILITY FIX: July 15, 2001</strong></font>
100: <br>
101: The
102: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages&sektion=7&format=html">packages(7)</a>
103: subsystem incorrectly accepts some package dependencies as okay (see
104: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages-specs&sektion=7&format=html">packages-specs(7)</a>
105: for details).
106: <br>
107: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/011_pkg.patch">A source code patch exists which remedies the problem</a>,
108: by forcing <code>/usr/sbin/pkg</code> to be more careful in checking
109: version numbers.
110: <p>
111: <a name=twe></a>
112: <li><font color=#009000><strong>008: RELIABILITY FIX: June 15, 2001</strong></font>
113: <br>
114: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4&format=html">twe(4)</a>
115: mishandles the DMA mapping resulting in a kernel panic on unaligned data
116: transfers, induced by programs such as
117: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8&format=html">disklabel(8)</a>
118: and
119: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&sektion=8&format=html">dump(8)</a>.
120: <br>
121: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/008_twe.patch">A source code patch exists which remedies the problem</a>.
122: This is the second version of the patch.
123: <p>
124: <a name=kernexec></a>
125: <li><font color=#009000><strong>007: SECURITY FIX: June 15, 2001</strong></font><br>
126: A race condition exists in the kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2&format=html">execve(2)</a> implementation that opens a small window of vulnerability for a non-privileged user to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2&format=html">ptrace(2)</a> attach to a suid/sgid process.
127: <br>
128: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch">A source code patch exists which remedies the problem</a>.
129: <p>
130: <a name=sshcookie></a>
131: <li><font color=#009000><strong>006: SECURITY FIX: June 12, 2001</strong></font><br>
132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&format=html">sshd(8)</a>
133: allows users to delete arbitrary files named "cookies" if X11
134: forwarding is enabled. X11 forwarding is disabled by default.
135: <br>
136: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch">A source code patch exists which remedies the problem</a>.
137: <p>
138: <a name=pwd_mkdb></a>
139: <li><font color=#009000><strong>005: RELIABILITY FIX: June 7, 2001</strong></font><br>
140: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwd_mkdb&sektion=8&format=html">pwd_mkdb(8)</a>
141: corrupts /etc/pwd.db when modifying an existing user.
142: <br>
143: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/005_pwd_mkdb.patch">A source code patch exists which remedies the problem</a>.
144: <p>
145: <a name=isakmpd></a>
146: <li><font color=#009000><strong>004: RELIABILITY FIX: June 5, 2001</strong></font><br>
147: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8&format=html">isakmpd(8)</a>
148: will fail to use a certificate with an identity string that is
149: exactly N * 8 bytes long.
150: <br>
151: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/004_isakmpd.patch">A source code patch exists which remedies the problem</a>.
152: <p>
153: <li><font color=#009000><strong>003: DOCUMENTATION FIX: June 1, 2001</strong></font><br>
154: The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
155: In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
156: 3.3.6 Xservers have also been included, because 4.0.3 still has weak support for
157: some devices which 3.3.6 supported better.
158: <p>
159: <a name=fts></a>
160: <li><font color=#009000><strong>002: SECURITY FIX: May 30, 2001</strong></font><br>
161: Programs using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fts&sektion=3&format=html">fts(3)</a>
162: routines (such as rm, find, and most programs that take a <b>-R</b>
163: flag) can be tricked into changing into the wrong directory if the
164: parent dir is changed out from underneath it. This is similar to
165: the old fts bug but happens when popping out of directories, as
166: opposed to descending into them.
167: <br>
168: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/002_fts.patch">A source code patch exists which remedies the problem</a>.
169: This is the second version of the patch.
170: <p>
171: <a name=sendmail></a>
172: <li><font color=#009000><strong>001: SECURITY FIX: May 29, 2001</strong></font><br>
173: The signal handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8&format=html">sendmail(8)</a> contain code that is unsafe in the
174: context of a signal handler. This leads to potentially serious
175: race conditions. At the moment this is a theoretical attack only
176: and can only be exploited on the local host (if at all).<br>
177: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/001_sendmail.patch">A source code patch exists</a> which remedies the problem by updating sendmail to version 8.11.4.
178: </ul>
179: <p>
180: <a name=i386></a>
181: <li><h3><font color=#e00000>i386</font></h3>
182: <ul>
183: <a name=nvidia></a>
184: <li><font color=#009000><strong>010: RELIABILITY FIX: Jul 9,
185: 2001</strong></font></br>
186: The nVidia driver for XFree86 4.0.3 is incorrectly restoring the text
187: mode palette upon exit of the X server. <a
188: href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/010_nvidia.patch">
189: A source code patch exists</a> which remedies the problem.
190: To avoid rebuilding the whole XFree86 tree, an updated binary driver
191: is also available
192: <a
193: href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/nv_drv.o">here
194: </a>. Just grab it, copy it to /usr/X11R6/lib/modules/drivers/ and
195: restart your X server.
196: <p>
197: <a name=XF86Setup></a>
198: <li><font color=#009000><strong>009: RELIABILITY FIX: Jun 23,
199: 2001</strong></font><br>
200: The XF86Setup(1) configuration tool for XFree86 3.3.6 is producing
201: corrupted /etc/XF86Config files.
202: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/i386/009_XF86Setup.patch">
203: A source code patch exists</a> which remedies the problem by linking
204: XF86Setup against the XFree86 3.3.6 version of libXxf86vm.a.
205: <p>
206: <li>When using a PS/2 keyboard with an MSI K7T Pro2A motherboard, it may be
207: necessary to disable the "USB Keyboard Support" and
208: "USB Mouse Support" options in the BIOS. Otherwise, the i8042
209: keyboard controller doesn't acknowledge commands, confusing OpenBSD.
210: </ul>
211: <p>
212: <a name=alpha></a>
213: <li><h3><font color=#e00000>alpha</font></h3>
214: <ul>
215: <li>No problems identified yet.
216: </ul>
217: <p>
218: <a name=mac68k></a>
219: <li><h3><font color=#e00000>mac68k</font></h3>
220: <ul>
221: <li>No problems identified yet.
222: </ul>
223: <p>
224: <a name=sparc></a>
225: <li><h3><font color=#e00000>sparc</font></h3>
226: <ul>
227: <li>No problems identified yet.
228: </ul>
229: <p>
230: <a name=amiga></a>
231: <li><h3><font color=#e00000>amiga</font></h3>
232: <ul>
233: <li>No problems identified yet.
234: </ul>
235: <p>
236: <a name=pmax></a>
237: <li><h3><font color=#e00000>pmax</font></h3>
238: <ul>
239: <li>No problems identified yet.
240: </ul>
241: <p>
242: <a name=hp300></a>
243: <li><h3><font color=#e00000>hp300</font></h3>
244: <ul>
245: <li>No problems identified yet.
246: </ul>
247: <p>
248: <a name=mvme68k></a>
249: <li><h3><font color=#e00000>mvme68k</font></h3>
250: <ul>
251: <li>No problems identified yet.
252: </ul>
253: <p>
254: <a name=powerpc></a>
255: <li><h3><font color=#e00000>powerpc</font></h3>
256: <ul>
257: <li>No problems identified yet.
258: </ul>
259: <p>
260: <a name=vax></a>
261: <li><h3><font color=#e00000>vax</font></h3>
262: <ul>
263: <li>No problems identified yet.
264: </ul>
265: <p>
266: <a name=sun3></a>
267: <li><h3><font color=#e00000>sun3</font></h3>
268: <ul>
269: <li>No problems identified yet.
270: </ul>
271:
272: </dl>
273: <br>
274:
275: <hr>
276: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
277: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
278: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
279: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
280: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
281: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
282: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
283: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
284: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
285: <a href=errata.html>For 3.0 errata, please refer here</a>.<br>
286: <hr>
287:
288: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
289: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.2 ! millert 290: <br><small>$OpenBSD: errata29.html,v 1.1 2001/10/22 22:09:53 deraadt Exp $</small>
1.1 deraadt 291:
292: </body>
293: </html>