===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- www/errata30.html	2019/05/27 22:55:19	1.105
+++ www/errata30.html	2019/05/28 16:32:41	1.106
@@ -84,160 +84,227 @@
 <hr>
 
 <ul>
-<li id="named">
-<strong>036: SECURITY FIX: November 14, 2002</strong>
+
+<li id="hosts">
+<strong>001: INSTALL ISSUE: November 12, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow in
-<a href="https://man.openbsd.org/OpenBSD-3.0/named.8">named(8)</a>
-could allow an attacker to execute code with the privileges of named.
-On OpenBSD, named runs as a non-root user in a chrooted environment
-which mitigates the effects of this bug.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/036_named.patch">
-A source code patch exists which remedies this problem.</a>
+A small bug in the installation script causes the <code>/etc/hosts</code> file to
+be incorrectly formed.<br>
+The resulting file contains a line which reads like:<p>
+<code>&nbsp;&nbsp;&nbsp;#.#.#.# hostname. hostname</code>
 <p>
-<li id="kernresource">
-<strong>035: SECURITY FIX: November 6, 2002</strong>
+This line should actually read something like:<p>
+<code>&nbsp;&nbsp;&nbsp;#.#.#.# hostname.domainname.com hostname</code>
+<p>
+To correct this problem, simply edit the file and insert the domainname in
+the required place.
+<p>
+
+<li id="sshd">
+<strong>002: SECURITY FIX: November 12, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Incorrect argument checking in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/getrlimit.2">getrlimit(2)</a>
-system call may allow an attacker to crash the kernel.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch">
+<a href="https://man.openbsd.org/OpenBSD-3.0/sshd.8">sshd(8)</a>
+is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
+<p>
+<ul>
+<li>A security hole that may allow an attacker to partially authenticate
+if -- and only if -- the administrator has enabled KerberosV.
+<br>
+By default, OpenSSH KerberosV support only becomes active after KerberosV
+has been properly configured.
+<p>
+<li>An excessive memory clearing bug (which we believe to be unexploitable)
+also exists, but since this may cause daemon crashes, we are providing a
+patch as well.
+<p>
+<li>A vulnerability in environment passing in the <code>UseLogin</code>
+<i>sshd</i> option
+<p>
+<li>Various other non-critical fixes.
+</ul>
+<p>
+Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2.
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">
 A source code patch exists which remedies this problem.</a>
+This is the second version of this patch.
 <p>
-<li id="smrsh">
-<strong>034: SECURITY FIX: November 6, 2002</strong>
-&nbsp; <i>All architectures</i><br>
-An attacker can bypass the restrictions imposed by sendmail's restricted shell,
-<a href="https://man.openbsd.org/OpenBSD-3.0/smrsh.8">smrsh(8)</a>,
-and execute arbitrary commands with the privileges of his own account.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch">
+
+<li id="sparc64cd">
+<strong>003: RELIABILITY FIX: November 12, 2001</strong>
+<br>
+Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
+of bogus interrupt messages, causing great user anguish.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="kadmin">
-<strong>033: SECURITY FIX: October 21, 2002</strong>
-&nbsp; <i>All architectures</i><br>
-A buffer overflow can occur in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/kadmind.8">kadmind(8)</a>
-daemon, leading to possible remote crash or exploit.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch">
+
+<li id="hifn">
+<strong>004: RELIABILITY FIX: November 12, 2001</strong>
+<br>
+Hifn7751 based cards may stop working on certain motherboards due to
+DMA errors.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="kerntime">
-<strong>032: SECURITY FIX: October 7, 2002</strong>
-&nbsp; <i>All architectures</i><br>
-Incorrect argument checking in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/setitimer.2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch">
+
+<li id="altivec">
+<strong>005: RELIABILITY FIX: November 12, 2001</strong>
+<br>
+Execution of Altivec instructions will crash the kernel.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="scarg">
-<strong>031: SECURITY FIX: August 11, 2002</strong>
+
+<li id="pf">
+<strong>006: SECURITY FIX: November 13, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-An insufficient boundary check in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/select.2">select(2)</a>
-system call allows an attacker to overwrite kernel memory and execute arbitrary
-code in kernel context.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch">
+<a href="https://man.openbsd.org/OpenBSD-3.0/pf.4">pf(4)</a>
+was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="ssl">
-<strong>030: SECURITY FIX: July 30, 2002</strong>
+
+<li id="vi.recover">
+<strong>007: SECURITY FIX: November 13, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
-<a href="https://man.openbsd.org/OpenBSD-3.0/ssl.8">ssl(8)</a>
-library, as in the ASN.1 parser code in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/crypto.3">crypto(3)</a>
-library, all of them being potentially remotely exploitable.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch">
-A source code patch exists which remedies this problem.</a>
+A security issue exists in the vi.recover script that may allow an attacker
+to remove arbitrary zero-length files, regardless of ownership.
 <br>
-This is the second version of the patch.
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">
+A source code patch exists which remedies this problem.</a>
 <p>
-<li id="xdr">
-<strong>029: SECURITY FIX: July 29, 2002</strong>
+
+<li id="lpd">
+<strong>008: SECURITY FIX: November 28, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow can occur in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/xdr_array.3">xdr_array(3)</a>
-RPC code, leading to possible remote crash.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch">
+A security issue exists in the lpd daemon that may allow an attacker
+to create arbitrary new files in the root directory.  Only machines
+with line printer access (ie: listed in either /etc/hosts.lpd or
+/etc/hosts.equiv) may be used to mount an attack and the attacker
+must have root access on the machine.  OpenBSD does not start lpd
+in the default installation.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">
 A source code patch exists which remedies this problem.</a>
+<p>
+
+<li id="macppcinstall">
+<strong>009: INSTALLATION FIX: December 11, 2001</strong>
 <br>
-This is the second version of the patch.
+The 3.0 CD2 was created with an error which means that the instructions
+for booting this architecture will not work.  Instead, to boot the
+CD, press Option-Command-O-F during power up to get into OpenFirmware
+and then type:
+<br>
+<code>boot cd:,OFWBOOT /3.0/macppc/bsd.rd</code>
 <p>
-<li id="pppd">
-<strong>028: SECURITY FIX: July 29, 2002</strong>
+
+<li id="ipip">
+<strong>010: RELIABILITY FIX: December 13, 2001</strong>
 &nbsp; <i>All architectures</i><br>
-A race condition exists in the
-<a href="https://man.openbsd.org/OpenBSD-3.0/pppd.8">pppd(8)</a>
-daemon which may cause it to alter the file permissions of an arbitrary file.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch">
+Systems running with IP-in-IP encapsulation can be made to crash by
+malformed packets.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="isakmpd2">
-<strong>027: RELIABILITY FIX: July 5, 2002</strong>
+
+<li id="sudo">
+<strong>011: SECURITY FIX: January 17, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-Receiving IKE payloads out of sequence can cause
-<a href="https://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a> to crash.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/027_isakmpd.patch">
+If the Postfix sendmail replacement is installed on a system an
+attacker may be able to gain root privileges on the local host via
+sudo(8) which runs the mailer as root with an environment inherited
+from the invoking user.  While this is a bug in sudo it is not
+believed to be possible to exploit when sendmail (the mailer that
+ships with OpenBSD) is the mailer.  As of version 1.6.5, sudo passes
+the mailer an environment that is not subject to influence from the
+invoking user.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">
 A source code patch exists which remedies this problem.</a>
-<br>
-This is the second version of the patch.
 <p>
-<li id="ktrace">
-<strong>026: SECURITY FIX: June 27, 2002</strong>
+
+<li id="ptrace">
+<strong>012: SECURITY FIX: January 21, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-The kernel would let any user <a href="https://man.openbsd.org/OpenBSD-3.0/ktrace.2">ktrace(2)</a> set[ug]id processes.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/026_ktrace.patch">
+A race condition between the ptrace(2) and execve(2) system calls allows
+an attacker to modify the memory contents of suid/sgid processes which
+could lead to compromise of the super-user account.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="resolver">
-<strong>025: SECURITY FIX: June 25, 2002</strong>
+
+<li id="syspipe">
+<strong>013: RELIABILITY FIX: February 4, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A potential buffer overflow in the DNS resolver has been found.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch">
+The wrong filedescriptors are released when pipe(2) failed.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/013_syspipe.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sshdauth">
-<strong>024: SECURITY FIX: June 24, 2002</strong>
+
+<li id="openssh">
+<strong>014: SECURITY FIX: March 8, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
-error that can result in an integer overflow and privilege escalation.
-This problem is fixed in <a href="https://www.openssh.com/openbsd.html">OpenSSH
-3.4</a>, and a patch for the vulnerable releases is available as part of the
-<a href="https://www.openssh.com/txt/preauth.adv">security advisory</a>.
+A local user can gain super-user privileges due to an off-by-one check
+in the channel forwarding code of OpenSSH.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/014_openssh.patch">
+A source code patch exists which remedies this problem.</a>
 <p>
-<li id="modssl">
-<strong>023: SECURITY FIX: June 24, 2002</strong>
+
+<li id="zlib">
+<strong>015: RELIABILITY FIX: March 13, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
-module, leading to possible remote crash or exploit.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/023_mod_ssl.patch">
+Under some circumstances the zlib compression library can free dynamically
+allocated memory twice.  This is not a security issue on OpenBSD since the BSD
+<a href="https://man.openbsd.org/OpenBSD-3.0/free.3">free(3)</a>
+function detects this.
+There is also a kernel zlib component that may be used by pppd and IPsec.
+The feasibility of attacking the kernel this way is currently unknown.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/015_zlib.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="httpd">
-<strong>022: SECURITY FIX: June 19, 2002</strong>
+
+<li id="approval">
+<strong>016: SECURITY FIX: March 19, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow can occur during the interpretation of chunked
-encoding in the http daemon, leading to possible remote crash or exploit.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/022_httpd.patch">
+Under certain conditions, on systems using YP with netgroups in the password
+database, it is possible for the
+<a href="https://man.openbsd.org/OpenBSD-3.0/rexecd.8">rexecd(8)</a>
+and
+<a href="https://man.openbsd.org/OpenBSD-3.0/rshd.8">rshd(8)</a>
+daemons to execute the shell from a different user's password entry.
+Due to a similar problem,
+<a href="https://man.openbsd.org/OpenBSD-3.0/atrun.8">atrun(8)</a>
+may change to the wrong home directory when running
+<a href="https://man.openbsd.org/OpenBSD-3.0/at.1">at(1)</a>
+jobs.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="fdalloc2">
-<strong>021: SECURITY FIX: May 8, 2002</strong>
+
+<li id="isakmpd">
+<strong>017: RELIABILITY FIX: March 26, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A race condition exists where an attacker could fill the file descriptor
-table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
-setuid or setgid process.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/021_fdalloc2.patch">
+<a href="https://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a>
+will crash when receiving a zero length IKE packet due to a too-late length check.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sudo2">
-<strong>020: SECURITY FIX: April 25, 2002</strong>
+
+<li id="mail">
+<strong>018: SECURITY FIX: April 11, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A bug in <a href="https://man.openbsd.org/OpenBSD-3.0/sudo.8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch">
+<a href="https://man.openbsd.org/OpenBSD-3.0/mail.1">mail(1)</a>
+will process tilde escapes even in non-interactive mode.
+This can lead to a local root compromise.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
+
 <li id="sshafs">
 <strong>019: SECURITY FIX: April 22, 2002</strong>
 &nbsp; <i>All architectures</i><br>
@@ -250,207 +317,176 @@
 <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/019_sshafs.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="mail">
-<strong>018: SECURITY FIX: April 11, 2002</strong>
+
+<li id="sudo2">
+<strong>020: SECURITY FIX: April 25, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.0/mail.1">mail(1)</a>
-will process tilde escapes even in non-interactive mode.
-This can lead to a local root compromise.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch">
+A bug in <a href="https://man.openbsd.org/OpenBSD-3.0/sudo.8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="isakmpd">
-<strong>017: RELIABILITY FIX: March 26, 2002</strong>
+
+<li id="fdalloc2">
+<strong>021: SECURITY FIX: May 8, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a>
-will crash when receiving a zero length IKE packet due to a too-late length check.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch">
+A race condition exists where an attacker could fill the file descriptor
+table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
+setuid or setgid process.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/021_fdalloc2.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="approval">
-<strong>016: SECURITY FIX: March 19, 2002</strong>
+
+<li id="httpd">
+<strong>022: SECURITY FIX: June 19, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-Under certain conditions, on systems using YP with netgroups in the password
-database, it is possible for the
-<a href="https://man.openbsd.org/OpenBSD-3.0/rexecd.8">rexecd(8)</a>
-and
-<a href="https://man.openbsd.org/OpenBSD-3.0/rshd.8">rshd(8)</a>
-daemons to execute the shell from a different user's password entry.
-Due to a similar problem,
-<a href="https://man.openbsd.org/OpenBSD-3.0/atrun.8">atrun(8)</a>
-may change to the wrong home directory when running
-<a href="https://man.openbsd.org/OpenBSD-3.0/at.1">at(1)</a>
-jobs.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">
+A buffer overflow can occur during the interpretation of chunked
+encoding in the http daemon, leading to possible remote crash or exploit.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/022_httpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="zlib">
-<strong>015: RELIABILITY FIX: March 13, 2002</strong>
+
+<li id="modssl">
+<strong>023: SECURITY FIX: June 24, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-Under some circumstances the zlib compression library can free dynamically
-allocated memory twice.  This is not a security issue on OpenBSD since the BSD
-<a href="https://man.openbsd.org/OpenBSD-3.0/free.3">free(3)</a>
-function detects this.
-There is also a kernel zlib component that may be used by pppd and IPsec.
-The feasibility of attacking the kernel this way is currently unknown.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/015_zlib.patch">
+A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
+module, leading to possible remote crash or exploit.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/023_mod_ssl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="openssh">
-<strong>014: SECURITY FIX: March 8, 2002</strong>
+
+<li id="sshdauth">
+<strong>024: SECURITY FIX: June 24, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A local user can gain super-user privileges due to an off-by-one check
-in the channel forwarding code of OpenSSH.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/014_openssh.patch">
-A source code patch exists which remedies this problem.</a>
+All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
+error that can result in an integer overflow and privilege escalation.
+This problem is fixed in <a href="https://www.openssh.com/openbsd.html">OpenSSH
+3.4</a>, and a patch for the vulnerable releases is available as part of the
+<a href="https://www.openssh.com/txt/preauth.adv">security advisory</a>.
 <p>
-<li id="syspipe">
-<strong>013: RELIABILITY FIX: February 4, 2002</strong>
+
+<li id="resolver">
+<strong>025: SECURITY FIX: June 25, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-The wrong filedescriptors are released when pipe(2) failed.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/013_syspipe.patch">
+A potential buffer overflow in the DNS resolver has been found.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="ptrace">
-<strong>012: SECURITY FIX: January 21, 2002</strong>
+
+<li id="ktrace">
+<strong>026: SECURITY FIX: June 27, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A race condition between the ptrace(2) and execve(2) system calls allows
-an attacker to modify the memory contents of suid/sgid processes which
-could lead to compromise of the super-user account.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">
+The kernel would let any user <a href="https://man.openbsd.org/OpenBSD-3.0/ktrace.2">ktrace(2)</a> set[ug]id processes.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/026_ktrace.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sudo">
-<strong>011: SECURITY FIX: January 17, 2002</strong>
+
+<li id="isakmpd2">
+<strong>027: RELIABILITY FIX: July 5, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-If the Postfix sendmail replacement is installed on a system an
-attacker may be able to gain root privileges on the local host via
-sudo(8) which runs the mailer as root with an environment inherited
-from the invoking user.  While this is a bug in sudo it is not
-believed to be possible to exploit when sendmail (the mailer that
-ships with OpenBSD) is the mailer.  As of version 1.6.5, sudo passes
-the mailer an environment that is not subject to influence from the
-invoking user.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">
+Receiving IKE payloads out of sequence can cause
+<a href="https://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a> to crash.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/027_isakmpd.patch">
 A source code patch exists which remedies this problem.</a>
+<br>
+This is the second version of the patch.
 <p>
-<li id="ipip">
-<strong>010: RELIABILITY FIX: December 13, 2001</strong>
+
+<li id="pppd">
+<strong>028: SECURITY FIX: July 29, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-Systems running with IP-in-IP encapsulation can be made to crash by
-malformed packets.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">
+A race condition exists in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/pppd.8">pppd(8)</a>
+daemon which may cause it to alter the file permissions of an arbitrary file.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="macppcinstall">
-<strong>009: INSTALLATION FIX: December 11, 2001</strong>
+
+<li id="xdr">
+<strong>029: SECURITY FIX: July 29, 2002</strong>
+&nbsp; <i>All architectures</i><br>
+A buffer overflow can occur in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/xdr_array.3">xdr_array(3)</a>
+RPC code, leading to possible remote crash.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch">
+A source code patch exists which remedies this problem.</a>
 <br>
-The 3.0 CD2 was created with an error which means that the instructions
-for booting this architecture will not work.  Instead, to boot the
-CD, press Option-Command-O-F during power up to get into OpenFirmware
-and then type:
-<br>
-<code>boot cd:,OFWBOOT /3.0/macppc/bsd.rd</code>
+This is the second version of the patch.
 <p>
-<li id="lpd">
-<strong>008: SECURITY FIX: November 28, 2001</strong>
+
+<li id="ssl">
+<strong>030: SECURITY FIX: July 30, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A security issue exists in the lpd daemon that may allow an attacker
-to create arbitrary new files in the root directory.  Only machines
-with line printer access (ie: listed in either /etc/hosts.lpd or
-/etc/hosts.equiv) may be used to mount an attack and the attacker
-must have root access on the machine.  OpenBSD does not start lpd
-in the default installation.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">
+Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
+<a href="https://man.openbsd.org/OpenBSD-3.0/ssl.8">ssl(8)</a>
+library, as in the ASN.1 parser code in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/crypto.3">crypto(3)</a>
+library, all of them being potentially remotely exploitable.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch">
 A source code patch exists which remedies this problem.</a>
+<br>
+This is the second version of the patch.
 <p>
-<li id="vi.recover">
-<strong>007: SECURITY FIX: November 13, 2001</strong>
+
+<li id="scarg">
+<strong>031: SECURITY FIX: August 11, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A security issue exists in the vi.recover script that may allow an attacker
-to remove arbitrary zero-length files, regardless of ownership.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">
+An insufficient boundary check in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/select.2">select(2)</a>
+system call allows an attacker to overwrite kernel memory and execute arbitrary
+code in kernel context.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="pf">
-<strong>006: SECURITY FIX: November 13, 2001</strong>
+
+<li id="kerntime">
+<strong>032: SECURITY FIX: October 7, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.0/pf.4">pf(4)</a>
-was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">
+Incorrect argument checking in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/setitimer.2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="altivec">
-<strong>005: RELIABILITY FIX: November 12, 2001</strong>
-<br>
-Execution of Altivec instructions will crash the kernel.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">
+
+<li id="kadmin">
+<strong>033: SECURITY FIX: October 21, 2002</strong>
+&nbsp; <i>All architectures</i><br>
+A buffer overflow can occur in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/kadmind.8">kadmind(8)</a>
+daemon, leading to possible remote crash or exploit.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="hifn">
-<strong>004: RELIABILITY FIX: November 12, 2001</strong>
-<br>
-Hifn7751 based cards may stop working on certain motherboards due to
-DMA errors.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">
+
+<li id="smrsh">
+<strong>034: SECURITY FIX: November 6, 2002</strong>
+&nbsp; <i>All architectures</i><br>
+An attacker can bypass the restrictions imposed by sendmail's restricted shell,
+<a href="https://man.openbsd.org/OpenBSD-3.0/smrsh.8">smrsh(8)</a>,
+and execute arbitrary commands with the privileges of his own account.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
-<li id="sparc64cd">
-<strong>003: RELIABILITY FIX: November 12, 2001</strong>
-<br>
-Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
-of bogus interrupt messages, causing great user anguish.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">
-A source code patch exists which remedies this problem.</a>
-<p>
-<li id="sshd">
-<strong>002: SECURITY FIX: November 12, 2001</strong>
+
+<li id="kernresource">
+<strong>035: SECURITY FIX: November 6, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.0/sshd.8">sshd(8)</a>
-is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
-<p>
-<ul>
-<li>A security hole that may allow an attacker to partially authenticate
-if -- and only if -- the administrator has enabled KerberosV.
-<br>
-By default, OpenSSH KerberosV support only becomes active after KerberosV
-has been properly configured.
-<p>
-<li>An excessive memory clearing bug (which we believe to be unexploitable)
-also exists, but since this may cause daemon crashes, we are providing a
-patch as well.
-<p>
-<li>A vulnerability in environment passing in the <code>UseLogin</code>
-<i>sshd</i> option
-<p>
-<li>Various other non-critical fixes.
-</ul>
-<p>
-Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2.
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">
+Incorrect argument checking in the
+<a href="https://man.openbsd.org/OpenBSD-3.0/getrlimit.2">getrlimit(2)</a>
+system call may allow an attacker to crash the kernel.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch">
 A source code patch exists which remedies this problem.</a>
-This is the second version of this patch.
 <p>
-<li id="hosts">
-<strong>001: INSTALL ISSUE: November 12, 2001</strong>
+
+<li id="named">
+<strong>036: SECURITY FIX: November 14, 2002</strong>
 &nbsp; <i>All architectures</i><br>
-A small bug in the installation script causes the <code>/etc/hosts</code> file to
-be incorrectly formed.<br>
-The resulting file contains a line which reads like:<p>
-<code>&nbsp;&nbsp;&nbsp;#.#.#.# hostname. hostname</code>
-<p>
-This line should actually read something like:<p>
-<code>&nbsp;&nbsp;&nbsp;#.#.#.# hostname.domainname.com hostname</code>
-<p>
-To correct this problem, simply edit the file and insert the domainname in
-the required place.
+A buffer overflow in
+<a href="https://man.openbsd.org/OpenBSD-3.0/named.8">named(8)</a>
+could allow an attacker to execute code with the privileges of named.
+On OpenBSD, named runs as a non-root user in a chrooted environment
+which mitigates the effects of this bug.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/036_named.patch">
+A source code patch exists which remedies this problem.</a>
 <p>
 
 </ul>
