www/errata30.html - diff

Return to errata30.html CVS log

Up to [local] / www

Diff for /www/errata30.html between version 1.73 and 1.74

version 1.73, 2014/03/28 03:04:30

version 1.74, 2014/03/31 03:12:47

Line 6

</head>

Line 65

Line 64

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

The patches below are available in CVS via the

The patches below are available in CVS via the

<code>OPENBSD_3_0</code> <a href="stable.html">patch branch</a>.

For more detailed information on how to install patches to OpenBSD, please

consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.

consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.

<hr>

Line 84

Line 86

could allow an attacker to execute code with the privileges of named.

On OpenBSD, named runs as a non-root user in a chrooted environment

which mitigates the effects of this bug.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/036_named.patch">A

source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

035: SECURITY FIX: November 6, 2002

Incorrect argument checking in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrlimit&sektion=2">getrlimit(2)</a>

system call may allow an attacker to crash the kernel.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch">A

source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

034: SECURITY FIX: November 6, 2002

An attacker can bypass the restrictions imposed by sendmail's restricted shell,

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,

and execute arbitrary commands with the privileges of his own account.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch">A

source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

033: SECURITY FIX: October 21, 2002

A buffer overflow can occur in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>

daemon, leading to possible remote crash or exploit.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

032: SECURITY FIX: October 7, 2002

Incorrect argument checking in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

031: SECURITY FIX: August 11, 2002

Line 122

Line 126

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>

system call allows an attacker to overwrite kernel memory and execute arbitrary

code in kernel context.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch">A

source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

030: SECURITY FIX: July 30, 2002

Line 132

Line 136

library, as in the ASN.1 parser code in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a>

library, all of them being potentially remotely exploitable.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 141

Line 146

A buffer overflow can occur in the

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a>

RPC code, leading to possible remote crash.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 150

Line 156

A race condition exists in the

daemon which may cause it to alter the file permissions of an arbitrary file.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

027: RELIABILITY FIX: July 5, 2002

Receiving IKE payloads out of sequence can cause

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> to crash.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/027_isakmpd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

026: SECURITY FIX: June 27, 2002

The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/026_ktrace.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

025: SECURITY FIX: June 25, 2002

A potential buffer overflow in the DNS resolver has been found.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

024: SECURITY FIX: June 24, 2002

Line 182

Line 192

023: SECURITY FIX: June 24, 2002

A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd

module, leading to possible remote crash or exploit.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/023_mod_ssl.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

022: SECURITY FIX: June 19, 2002

A buffer overflow can occur during the interpretation of chunked

encoding in the http daemon, leading to possible remote crash or exploit.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/022_httpd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

021: SECURITY FIX: May 8, 2002

A race condition exists where an attacker could fill the file descriptor

table and defeat the kernel's protection of fd slots 0, 1, and 2 for a

setuid or setgid process.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/021_fdalloc2.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

020: SECURITY FIX: April 25, 2002

A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

019: SECURITY FIX: April 22, 2002

Line 210

Line 224

KerberosTgtPassing or AFSTokenPassing has been enabled

in the sshd_config file. Ticket and token passing is not enabled

by default.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/019_sshafs.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

018: SECURITY FIX: April 11, 2002

Line 218

Line 233

will process tilde escapes even in non-interactive mode.

This can lead to a local root compromise.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

017: RELIABILITY FIX: March 26, 2002

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>

will crash when receiving a zero length IKE packet due to a too-late length check.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

016: SECURITY FIX: March 19, 2002

Line 240

Line 257

may change to the wrong home directory when running

jobs.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

015: RELIABILITY FIX: March 13, 2002

Line 250

Line 268

function detects this.

There is also a kernel zlib component that may be used by pppd and IPsec.

The feasibility of attacking the kernel this way is currently unknown.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/015_zlib.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

014: SECURITY FIX: March 8, 2002

A local user can gain super-user privileges due to an off-by-one check

in the channel forwarding code of OpenSSH.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/014_openssh.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

013: RELIABILITY FIX: February 4, 2002

The wrong filedescriptors are released when pipe(2) failed.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/013_syspipe.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

012: SECURITY FIX: January 21, 2002

A race condition between the ptrace(2) and execve(2) system calls allows

an attacker to modify the memory contents of suid/sgid processes which

could lead to compromise of the super-user account.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

011: SECURITY FIX: January 17, 2002

Line 280

Line 302

ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes

the mailer an environment that is not subject to influence from the

invoking user.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

010: RELIABILITY FIX: December 13, 2001

Systems running with IP-in-IP encapsulation can be made to crash by

malformed packets.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

008: SECURITY FIX: November 28, 2001

Line 296

Line 320

/etc/hosts.equiv) may be used to mount an attack and the attacker

must have root access on the machine. OpenBSD does not start lpd

in the default installation.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

007: SECURITY FIX: November 13, 2001

A security issue exists in the vi.recover script that may allow an attacker

to remove arbitrary zero-length files, regardless of ownership.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

006: SECURITY FIX: November 13, 2001

Line 311

Line 337

was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

002: SECURITY FIX: November 12, 2001

Line 335

Line 362

<li>Various other non-critical fixes.

</ul>

Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,

Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">a source code patch exists which remedies these problems</a>.

A source code patch exists which remedies this problem.</a>

This is the second version of this patch.

Line 367

Line 395

Hifn7751 based cards may stop working on certain motherboards due to

DMA errors.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

</ul>

<h3>alpha</h3>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<h3>sparc</h3>

<ul>

<li>No problems identified yet.

</ul>

<h3>sparc64</h3>

<ul>

Line 398

Line 409

Access to a CD drive on the PCI ultrasparc machines results in a continuous stream

of bogus interrupt messages, causing great user anguish.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

</ul>

<h3>amiga</h3>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<ul>

<li>No problems identified yet.

</ul>

<h3>macppc</h3>

<ul>

Line 438

Line 431

Execution of Altivec instructions will crash the kernel.

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">A source code patch exists which remedies the problem</a>.

A source code patch exists which remedies this problem.</a>

</ul>

<ul>

<li>No problems identified yet.

</ul>