Annotation of www/errata30.html, Revision 1.1
1.1 ! deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
! 2: <html>
! 3: <head>
! 4: <title>OpenBSD 3.0 errata</title>
! 5: <link rev=made href=mailto:www@openbsd.org>
! 6: <meta name="resource-type" content="document">
! 7: <meta name="description" content="the OpenBSD CD errata page">
! 8: <meta name="keywords" content="openbsd,cd,errata">
! 9: <meta name="distribution" content="global">
! 10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
! 11: </head>
! 12:
! 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
! 14:
! 15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
! 16: <h2><font color=#0000e0>
! 17: This is the OpenBSD 3.0 release errata & patch list:
! 18:
! 19: </font></h2>
! 20:
! 21: <hr>
! 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
! 23: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
! 24: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
! 25: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
! 26: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
! 27: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
! 28: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
! 29: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
! 30: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
! 31: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
! 32: <a href=errata29.html>For 2.9 errata, please refer here</a>.<br>
! 33: <a href=errata.html>For 3.0 errata, please refer here</a>.<br>
! 34: <hr>
! 35:
! 36: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0.tar.gz>
! 37: You can also fetch a tar.gz file containing all the following patches</a>.
! 38: This file is updated once a day.
! 39:
! 40: <p> The patches below are available in CVS via the
! 41: <code>OPENBSD_3_0</code> <a href="stable.html">patch branch</a>.
! 42:
! 43: <p>
! 44: For more detailed information on install patches to OpenBSD, please
! 45: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
! 46: <hr>
! 47:
! 48: <dl>
! 49: <a name=all></a>
! 50: <li><h3><font color=#e00000>All architectures</font></h3>
! 51: <ul>
! 52: <a name=mail></a>
! 53: <li><font color=#009000><strong>018: SECURITY FIX: April 11, 2002</strong></font><br>
! 54: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a>
! 55: will process tilde escapes even in non-interactive mode.
! 56: This can lead to a local root compromise.
! 57: <br>
! 58: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch">A source code patch exists which remedies the problem</a>.
! 59: <p>
! 60: <a name=isakmpd></a>
! 61: <li><font color=#009000><strong>017: RELIABILITY FIX: March 26, 2002</strong></font><br>
! 62: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
! 63: will crash when receiving a zero length IKE packet due to a too-late length check.
! 64: <br>
! 65: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch">A source code patch exists which remedies the problem</a>.
! 66: <p>
! 67: <a name=approval></a>
! 68: <li><font color=#009000><strong>016: SECURITY FIX: March 19, 2002</strong></font><br>
! 69: Under certain conditions, on systems using YP with netgroups in the password
! 70: database, it is possible for the
! 71: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8">rexecd(8)</a>
! 72: and
! 73: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rshd&sektion=8">rshd(8)</a>
! 74: daemons to execute the shell from a different user's password entry.
! 75: Due to a similar problem,
! 76: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a>
! 77: may change to the wrong home directory when running
! 78: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>
! 79: jobs.<br>
! 80: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">A source code patch exists which remedies the problem</a>.
! 81: <p>
! 82: <a name=zlib></a>
! 83: <li><font color=#009000><strong>015: RELIABILITY FIX: March 13, 2002</strong></font><br>
! 84: Under some circumstances the zlib compression library can free dynamically
! 85: allocated memory twice. This is not a security issue on OpenBSD since the BSD
! 86: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=3">free(3)</a>
! 87: function detects this.
! 88: There is also a kernel zlib component that may be used by pppd and IPSec.
! 89: The feasibility of attacking the kernel this way is currently unknown.<br>
! 90: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/015_zlib.patch">A source code patch exists which remedies the problem</a>.
! 91: <p>
! 92: <a name=openssh></a>
! 93: <li><font color=#009000><strong>014: SECURITY FIX: March 8, 2002</strong></font><br>
! 94: A local user can gain super-user privileges due to an off-by-one check
! 95: in the channel forwarding code of OpenSSH.<br>
! 96: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/014_openssh.patch">A source code patch exists which remedies the problem</a>.
! 97: <p>
! 98: <a name=syspipe></a>
! 99: <li><font color=#009000><strong>013: RELIABILITY FIX: February 4, 2002</strong></font><br>
! 100: The wrong filedescriptors are released when pipe(2) failed.<br>
! 101: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/013_syspipe.patch">A source code patch exists which remedies the problem</a>.
! 102: <p>
! 103: <a name=ptrace></a>
! 104: <li><font color=#009000><strong>012: SECURITY FIX: January 21, 2002</strong></font><br>
! 105: A race condition between the ptrace(2) and execve(2) system calls allows
! 106: an attacker to modify the memory contents of suid/sgid processes which
! 107: could lead to compromise of the super-user account.<br>
! 108: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">A source code patch exists which remedies the problem</a>.
! 109: <p>
! 110: <a name=sudo>
! 111: <li><font color=#009000><strong>011: SECURITY FIX: January 17, 2002</strong></font><br>
! 112: If the Postfix sendmail replacement is installed on a system an
! 113: attacker may be able to gain root privileges on the local host via
! 114: sudo(8) which runs the mailer as root with an environment inherited
! 115: from the invoking user. While this is a bug in sudo it is not
! 116: believed to be possible to exploit when sendmail (the mailer that
! 117: ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
! 118: the mailer an environment that is not subject to influence from the
! 119: invoking user.<br>
! 120: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">A source code patch exists which remedies the problem</a>.
! 121: <p>
! 122: <a name=ipip>
! 123: <li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br>
! 124: Systems running with IP-in-IP encapulation can be made to crash by
! 125: malformed packets.<br>
! 126: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>.
! 127: <p>
! 128: <a name=lpd>
! 129: <li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br>
! 130: A security issue exists in the lpd daemon that may allow an attacker
! 131: to create arbitrary new files in the root directory. Only machines
! 132: with line printer access (ie: listed in either /etc/hosts.lpd or
! 133: /etc/hosts.equiv) may be used to mount an attack and the attacker
! 134: must have root access on the machine. OpenBSD does not start lpd
! 135: in the default installation.<br>
! 136: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.
! 137: <p>
! 138: <a name=vi.recover>
! 139: <li><font color=#009000><strong>007: SECURITY FIX: November 13, 2001</strong></font><br>
! 140: A security issue exists in the vi.recover script that may allow an attacker
! 141: to remove arbitrary zero-length files, regardless of ownership.
! 142: <br>
! 143: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">A source code patch exists which remedies the problem</a>.
! 144: <p>
! 145: <a name=pf>
! 146: <li><font color=#009000><strong>006: SECURITY FIX: November 13, 2001</strong></font>
! 147: <br>
! 148: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
! 149: was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
! 150: <br>
! 151: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">A source code patch exists which remedies the problem</a>.
! 152: <p>
! 153: <a name=sshd>
! 154: <li><font color=#009000><strong>002: SECURITY FIX: November 12, 2001</strong></font><br>
! 155: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
! 156: is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
! 157: <p>
! 158: <ul>
! 159: <li>A security hole that may allow an attacker to partially authenticate
! 160: if -- and only if -- the administrator has enabled KerberosV.
! 161: <br>
! 162: By default, OpenSSH KerberosV support only becomes active after KerberosV
! 163: has been properly configured.
! 164: <p>
! 165: <li>An excessive memory clearing bug (which we believe to be unexploitable)
! 166: also exists, but since this may cause daemon crashes, we are providing a
! 167: patch as well.
! 168: <p>
! 169: <li>A vulnerability in environment passing in the <code>UseLogin</code>
! 170: <i>sshd</i> option
! 171: <p>
! 172: <li>Various other non-critical fixes.
! 173: </ul>
! 174: <p>
! 175: Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,
! 176: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">a source code patch exists which remedies these problems</a>.
! 177: This is the second version of this patch.
! 178: <p>
! 179: <a name=hosts>
! 180: <li><font color=#009000><strong>001: INSTALL ISSUE: November 12, 2001</strong></font><br>
! 181: A small bug in the installation script causes the <tt>/etc/hosts</tt> file to
! 182: be incorrectly formed.<br>
! 183: The resulting file contains a line which reads like:<p>
! 184: <tt>
! 185: #.#.#.# hostname. hostname
! 186: </tt>
! 187: <p>
! 188: This line should actually read something like:<p>
! 189: <tt>
! 190: #.#.#.# hostname.domainname.com hostname
! 191: </tt>
! 192: <p>
! 193: To correct this problem, simply edit the file and insert the domainname in
! 194: the required place.
! 195: <p>
! 196: </ul>
! 197: <p>
! 198: <a name=i386></a>
! 199: <li><h3><font color=#e00000>i386</font></h3>
! 200: <ul>
! 201: <a name=hifn>
! 202: <li><font color=#009000><strong>004: RELIABILITY FIX: November 12, 2001</strong></font>
! 203: <br>
! 204: Hifn7751 based cards may stop working on certain motherboards due to
! 205: DMA errors.
! 206: <br>
! 207: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">A source code patch exists which remedies the problem</a>.
! 208: <p>
! 209: </ul>
! 210: <p>
! 211: <a name=alpha></a>
! 212: <li><h3><font color=#e00000>alpha</font></h3>
! 213: <ul>
! 214: <li>No problems identified yet.
! 215: </ul>
! 216: <p>
! 217: <a name=mac68k></a>
! 218: <li><h3><font color=#e00000>mac68k</font></h3>
! 219: <ul>
! 220: <li>No problems identified yet.
! 221: </ul>
! 222: <p>
! 223: <a name=sparc></a>
! 224: <li><h3><font color=#e00000>sparc</font></h3>
! 225: <ul>
! 226: <li>No problems identified yet.
! 227: </ul>
! 228: <p>
! 229: <a name=sparc64></a>
! 230: <li><h3><font color=#e00000>sparc64</font></h3>
! 231: <ul>
! 232: <a name=sparc64cd></a>
! 233: <li><font color=#009000><strong>003: RELIABILITY FIX: November 12, 2001</strong></font>
! 234: <br>
! 235: Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
! 236: of bogus interrupt messages, causing great user anguish.
! 237: <br>
! 238: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">A source code patch exists which remedies the problem</a>.
! 239: <p>
! 240: </ul>
! 241: <p>
! 242: <a name=amiga></a>
! 243: <li><h3><font color=#e00000>amiga</font></h3>
! 244: <ul>
! 245: <li>No problems identified yet.
! 246: </ul>
! 247: <p>
! 248: <a name=hp300></a>
! 249: <li><h3><font color=#e00000>hp300</font></h3>
! 250: <ul>
! 251: <li>No problems identified yet.
! 252: </ul>
! 253: <p>
! 254: <a name=mvme68k></a>
! 255: <li><h3><font color=#e00000>mvme68k</font></h3>
! 256: <ul>
! 257: <li>No problems identified yet.
! 258: </ul>
! 259: <p>
! 260: <a name=macppc></a>
! 261: <li><h3><font color=#e00000>macppc</font></h3>
! 262: <ul>
! 263: <a name=macppcinstall></a>
! 264: <li><font color=#009000><strong>009: INSTALLATION FIX: December 11, 2001</strong></font>
! 265: <br>
! 266: The 3.0 CD2 was created with an error which means that the instructions
! 267: for booting this architecture will not work. Instead, to boot the
! 268: CD, press Option-Command-O-F during power up to get into OpenFirmware
! 269: and then type:
! 270: <br>
! 271: <code>boot cd:,OFWBOOT /3.0/macppc/bsd.rd</code>
! 272: <p>
! 273: <a name=altivec></a>
! 274: <li><font color=#009000><strong>005: RELIABILITY FIX: November 12, 2001</strong></font>
! 275: <br>
! 276: Execution of Altivec instructions will crash the kernel.
! 277: <br>
! 278: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">A source code patch exists which remedies the problem</a>.
! 279: <p>
! 280: </ul>
! 281: <p>
! 282: <a name=vax></a>
! 283: <li><h3><font color=#e00000>vax</font></h3>
! 284: <ul>
! 285: <li>No problems identified yet.
! 286: </ul>
! 287:
! 288: </dl>
! 289: <br>
! 290:
! 291: <hr>
! 292: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
! 293: <a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
! 294: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
! 295: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
! 296: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
! 297: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
! 298: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
! 299: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
! 300: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
! 301: <a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
! 302: <a href=errata29.html>For 2.9 errata, please refer here</a>.<br>
! 303: <a href=errata.html>For 3.0 errata, please refer here</a>.<br>
! 304: <hr>
! 305:
! 306: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
! 307: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! 308: <br><small>$OpenBSD: errata.html,v 1.383 2002/04/11 18:48:31 millert Exp $</small>
! 309:
! 310: </body>
! 311: </html>