OpenBSD 3.0 Errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.104 retrieving revision 1.105 diff -c -r1.104 -r1.105 *** www/errata30.html 2019/04/02 12:46:56 1.104 --- www/errata30.html 2019/05/27 22:55:19 1.105 *************** *** 1,25 **** ! ! ! OpenBSD 3.0 Errata - - - !

! OpenBSD ! 3.0 Errata

--- 1,23 ---- ! ! ! ! OpenBSD 3.0 Errata !

! OpenBSD ! 3.0 Errata

*************** *** 87,93 ****

! 036: SECURITY FIX: November 14, 2002 All architectures
A buffer overflow in named(8) --- 85,91 ----
- ! 036: SECURITY FIX: November 14, 2002 All architectures
  A buffer overflow in named(8) *************** *** 98,104 **** A source code patch exists which remedies this problem.
- ! 035: SECURITY FIX: November 6, 2002 All architectures
  Incorrect argument checking in the getrlimit(2) --- 96,102 ---- A source code patch exists which remedies this problem.
- ! 035: SECURITY FIX: November 6, 2002 All architectures
  Incorrect argument checking in the getrlimit(2) *************** *** 107,113 **** A source code patch exists which remedies this problem.
- ! 034: SECURITY FIX: November 6, 2002 All architectures
  An attacker can bypass the restrictions imposed by sendmail's restricted shell, smrsh(8), --- 105,111 ---- A source code patch exists which remedies this problem.
- ! 034: SECURITY FIX: November 6, 2002 All architectures
  An attacker can bypass the restrictions imposed by sendmail's restricted shell, smrsh(8), *************** *** 116,122 **** A source code patch exists which remedies this problem.
- ! 033: SECURITY FIX: October 21, 2002 All architectures
  A buffer overflow can occur in the kadmind(8) --- 114,120 ---- A source code patch exists which remedies this problem.
- ! 033: SECURITY FIX: October 21, 2002 All architectures
  A buffer overflow can occur in the kadmind(8) *************** *** 125,131 **** A source code patch exists which remedies this problem.
- ! 032: SECURITY FIX: October 7, 2002 All architectures
  Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
  --- 123,129 ---- A source code patch exists which remedies this problem.
- ! 032: SECURITY FIX: October 7, 2002 All architectures
  Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
  *************** *** 133,139 **** A source code patch exists which remedies this problem.
- ! 031: SECURITY FIX: August 11, 2002 All architectures
  An insufficient boundary check in the select(2) --- 131,137 ---- A source code patch exists which remedies this problem.
- ! 031: SECURITY FIX: August 11, 2002 All architectures
  An insufficient boundary check in the select(2) *************** *** 143,149 **** A source code patch exists which remedies this problem.
- ! 030: SECURITY FIX: July 30, 2002 All architectures
  Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ssl(8) --- 141,147 ---- A source code patch exists which remedies this problem.
- ! 030: SECURITY FIX: July 30, 2002 All architectures
  Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ssl(8) *************** *** 156,162 **** This is the second version of the patch.
- ! 029: SECURITY FIX: July 29, 2002 All architectures
  A buffer overflow can occur in the xdr_array(3) --- 154,160 ---- This is the second version of the patch.
- ! 029: SECURITY FIX: July 29, 2002 All architectures
  A buffer overflow can occur in the xdr_array(3) *************** *** 167,173 **** This is the second version of the patch.
- ! 028: SECURITY FIX: July 29, 2002 All architectures
  A race condition exists in the pppd(8) --- 165,171 ---- This is the second version of the patch.
- ! 028: SECURITY FIX: July 29, 2002 All architectures
  A race condition exists in the pppd(8) *************** *** 176,182 **** A source code patch exists which remedies this problem.
- ! 027: RELIABILITY FIX: July 5, 2002 All architectures
  Receiving IKE payloads out of sequence can cause isakmpd(8) to crash.
  --- 174,180 ---- A source code patch exists which remedies this problem.
- ! 027: RELIABILITY FIX: July 5, 2002 All architectures
  Receiving IKE payloads out of sequence can cause isakmpd(8) to crash.
  *************** *** 186,206 **** This is the second version of the patch.
- ! 026: SECURITY FIX: June 27, 2002 All architectures
  The kernel would let any user ktrace(2) set[ug]id processes.
  A source code patch exists which remedies this problem.
- ! 025: SECURITY FIX: June 25, 2002 All architectures
  A potential buffer overflow in the DNS resolver has been found.
  A source code patch exists which remedies this problem.
- ! 024: SECURITY FIX: June 24, 2002 All architectures
  All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. --- 184,204 ---- This is the second version of the patch.
- ! 026: SECURITY FIX: June 27, 2002 All architectures
  The kernel would let any user ktrace(2) set[ug]id processes.
  A source code patch exists which remedies this problem.
- ! 025: SECURITY FIX: June 25, 2002 All architectures
  A potential buffer overflow in the DNS resolver has been found.
  A source code patch exists which remedies this problem.
- ! 024: SECURITY FIX: June 24, 2002 All architectures
  All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. *************** *** 209,215 **** security advisory.
- ! 023: SECURITY FIX: June 24, 2002 All architectures
  A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd module, leading to possible remote crash or exploit.
  --- 207,213 ---- security advisory.
- ! 023: SECURITY FIX: June 24, 2002 All architectures
  A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd module, leading to possible remote crash or exploit.
  *************** *** 217,223 **** A source code patch exists which remedies this problem.
- ! 022: SECURITY FIX: June 19, 2002 All architectures
  A buffer overflow can occur during the interpretation of chunked encoding in the http daemon, leading to possible remote crash or exploit.
  --- 215,221 ---- A source code patch exists which remedies this problem.
- ! 022: SECURITY FIX: June 19, 2002 All architectures
  A buffer overflow can occur during the interpretation of chunked encoding in the http daemon, leading to possible remote crash or exploit.
  *************** *** 225,231 **** A source code patch exists which remedies this problem.
- ! 021: SECURITY FIX: May 8, 2002 All architectures
  A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a --- 223,229 ---- A source code patch exists which remedies this problem.
- ! 021: SECURITY FIX: May 8, 2002 All architectures
  A race condition exists where an attacker could fill the file descriptor table and defeat the kernel's protection of fd slots 0, 1, and 2 for a *************** *** 234,247 **** A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: April 25, 2002 All architectures
  A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
  A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: April 22, 2002 All architectures
  A local user can gain super-user privileges due to a buffer overflow in sshd(8) --- 232,245 ---- A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: April 25, 2002 All architectures
  A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
  A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: April 22, 2002 All architectures
  A local user can gain super-user privileges due to a buffer overflow in sshd(8) *************** *** 253,259 **** A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: April 11, 2002 All architectures
  mail(1) will process tilde escapes even in non-interactive mode. --- 251,257 ---- A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: April 11, 2002 All architectures
  mail(1) will process tilde escapes even in non-interactive mode. *************** *** 263,269 **** A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: March 26, 2002 All architectures
  isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check. --- 261,267 ---- A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: March 26, 2002 All architectures
  isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check. *************** *** 272,278 **** A source code patch exists which remedies this problem.
- ! 016: SECURITY FIX: March 19, 2002 All architectures
  Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the --- 270,276 ---- A source code patch exists which remedies this problem.
- ! 016: SECURITY FIX: March 19, 2002 All architectures
  Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the *************** *** 289,295 **** A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: March 13, 2002 All architectures
  Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD --- 287,293 ---- A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: March 13, 2002 All architectures
  Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD *************** *** 301,307 **** A source code patch exists which remedies this problem.
- ! 014: SECURITY FIX: March 8, 2002 All architectures
  A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
  --- 299,305 ---- A source code patch exists which remedies this problem.
- ! 014: SECURITY FIX: March 8, 2002 All architectures
  A local user can gain super-user privileges due to an off-by-one check in the channel forwarding code of OpenSSH.
  *************** *** 309,322 **** A source code patch exists which remedies this problem.
- ! 013: RELIABILITY FIX: February 4, 2002 All architectures
  The wrong filedescriptors are released when pipe(2) failed.
  A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: January 21, 2002 All architectures
  A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which --- 307,320 ---- A source code patch exists which remedies this problem.
- ! 013: RELIABILITY FIX: February 4, 2002 All architectures
  The wrong filedescriptors are released when pipe(2) failed.
  A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: January 21, 2002 All architectures
  A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which *************** *** 325,331 **** A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: January 17, 2002 All architectures
  If the Postfix sendmail replacement is installed on a system an attacker may be able to gain root privileges on the local host via --- 323,329 ---- A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: January 17, 2002 All architectures
  If the Postfix sendmail replacement is installed on a system an attacker may be able to gain root privileges on the local host via *************** *** 339,345 **** A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: December 13, 2001 All architectures
  Systems running with IP-in-IP encapsulation can be made to crash by malformed packets.
  --- 337,343 ---- A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: December 13, 2001 All architectures
  Systems running with IP-in-IP encapsulation can be made to crash by malformed packets.
  *************** *** 347,353 **** A source code patch exists which remedies this problem.
- ! 009: INSTALLATION FIX: December 11, 2001
  The 3.0 CD2 was created with an error which means that the instructions for booting this architecture will not work. Instead, to boot the --- 345,351 ---- A source code patch exists which remedies this problem.
- ! 009: INSTALLATION FIX: December 11, 2001
  The 3.0 CD2 was created with an error which means that the instructions for booting this architecture will not work. Instead, to boot the *************** *** 357,363 **** boot cd:,OFWBOOT /3.0/macppc/bsd.rd
- ! 008: SECURITY FIX: November 28, 2001 All architectures
  A security issue exists in the lpd daemon that may allow an attacker to create arbitrary new files in the root directory. Only machines --- 355,361 ---- boot cd:,OFWBOOT /3.0/macppc/bsd.rd
- ! 008: SECURITY FIX: November 28, 2001 All architectures
  A security issue exists in the lpd daemon that may allow an attacker to create arbitrary new files in the root directory. Only machines *************** *** 369,375 **** A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: November 13, 2001 All architectures
  A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership. --- 367,373 ---- A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: November 13, 2001 All architectures
  A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership. *************** *** 378,384 **** A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: November 13, 2001 All architectures
  pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. --- 376,382 ---- A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: November 13, 2001 All architectures
  pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. *************** *** 387,393 **** A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: November 12, 2001
  Execution of Altivec instructions will crash the kernel.
  --- 385,391 ---- A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: November 12, 2001
  Execution of Altivec instructions will crash the kernel.
  *************** *** 395,401 **** A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: November 12, 2001
  Hifn7751 based cards may stop working on certain motherboards due to DMA errors. --- 393,399 ---- A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: November 12, 2001
  Hifn7751 based cards may stop working on certain motherboards due to DMA errors. *************** *** 404,410 **** A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: November 12, 2001
  Access to a CD drive on the PCI ultrasparc machines results in a continuous stream of bogus interrupt messages, causing great user anguish. --- 402,408 ---- A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: November 12, 2001
  Access to a CD drive on the PCI ultrasparc machines results in a continuous stream of bogus interrupt messages, causing great user anguish. *************** *** 413,419 **** A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: November 12, 2001 All architectures
  sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: --- 411,417 ---- A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: November 12, 2001 All architectures
  sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: *************** *** 441,455 **** This is the second version of this patch.
- ! 001: INSTALL ISSUE: November 12, 2001 All architectures
  ! A small bug in the installation script causes the /etc/hosts file to be incorrectly formed.
  The resulting file contains a line which reads like:
  ! #.#.#.# hostname. hostname
  This line should actually read something like:
  ! #.#.#.# hostname.domainname.com hostname
  To correct this problem, simply edit the file and insert the domainname in the required place. --- 439,453 ---- This is the second version of this patch.
- ! 001: INSTALL ISSUE: November 12, 2001 All architectures
  ! A small bug in the installation script causes the /etc/hosts file to be incorrectly formed.
  The resulting file contains a line which reads like:
  ! #.#.#.# hostname. hostname
  This line should actually read something like:
  ! #.#.#.# hostname.domainname.com hostname
  To correct this problem, simply edit the file and insert the domainname in the required place. *************** *** 458,463 ****
- - - --- 456,458 ----