File: [local] / www / errata30.html (download) (as text)
Revision 1.6, Thu Apr 25 16:39:30 2002 UTC (22 years, 1 month ago) by millert
Branch: MAIN
Changes since 1.5: +2 -2 lines
missing <br> in sudo entry
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD 3.0 errata</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
<h2><font color=#0000e0>
This is the OpenBSD 3.0 release errata & patch list:
</font></h2>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
<a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
<a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
<a href=errata29.html>For 2.9 errata, please refer here</a>.<br>
<a href=errata.html>For 3.1 errata, please refer here</a>.<br>
<hr>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0.tar.gz>
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p> The patches below are available in CVS via the
<code>OPENBSD_3_0</code> <a href="stable.html">patch branch</a>.
<p>
For more detailed information on install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
<hr>
<dl>
<a name=all></a>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<a name=sudo2></a>
<li><font color=#009000><strong>020: SECURITY FIX: April 25, 2002</strong></font><br>
A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=sshafs></a>
<li><font color=#009000><strong>019: SECURITY FIX: April 22, 2002</strong></font><br>
A local user can gain super-user privileges due to a buffer overflow
in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
if AFS has been configured on the system or if
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/019_sshafs.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=mail></a>
<li><font color=#009000><strong>018: SECURITY FIX: April 11, 2002</strong></font><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a>
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=isakmpd></a>
<li><font color=#009000><strong>017: RELIABILITY FIX: March 26, 2002</strong></font><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
will crash when receiving a zero length IKE packet due to a too-late length check.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=approval></a>
<li><font color=#009000><strong>016: SECURITY FIX: March 19, 2002</strong></font><br>
Under certain conditions, on systems using YP with netgroups in the password
database, it is possible for the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8">rexecd(8)</a>
and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rshd&sektion=8">rshd(8)</a>
daemons to execute the shell from a different user's password entry.
Due to a similar problem,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a>
may change to the wrong home directory when running
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>
jobs.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=zlib></a>
<li><font color=#009000><strong>015: RELIABILITY FIX: March 13, 2002</strong></font><br>
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=3">free(3)</a>
function detects this.
There is also a kernel zlib component that may be used by pppd and IPSec.
The feasibility of attacking the kernel this way is currently unknown.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/015_zlib.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=openssh></a>
<li><font color=#009000><strong>014: SECURITY FIX: March 8, 2002</strong></font><br>
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/014_openssh.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=syspipe></a>
<li><font color=#009000><strong>013: RELIABILITY FIX: February 4, 2002</strong></font><br>
The wrong filedescriptors are released when pipe(2) failed.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/013_syspipe.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=ptrace></a>
<li><font color=#009000><strong>012: SECURITY FIX: January 21, 2002</strong></font><br>
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=sudo>
<li><font color=#009000><strong>011: SECURITY FIX: January 17, 2002</strong></font><br>
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
from the invoking user. While this is a bug in sudo it is not
believed to be possible to exploit when sendmail (the mailer that
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=ipip>
<li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br>
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=lpd>
<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br>
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
with line printer access (ie: listed in either /etc/hosts.lpd or
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=vi.recover>
<li><font color=#009000><strong>007: SECURITY FIX: November 13, 2001</strong></font><br>
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=pf>
<li><font color=#009000><strong>006: SECURITY FIX: November 13, 2001</strong></font>
<br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=sshd>
<li><font color=#009000><strong>002: SECURITY FIX: November 12, 2001</strong></font><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
<p>
<ul>
<li>A security hole that may allow an attacker to partially authenticate
if -- and only if -- the administrator has enabled KerberosV.
<br>
By default, OpenSSH KerberosV support only becomes active after KerberosV
has been properly configured.
<p>
<li>An excessive memory clearing bug (which we believe to be unexploitable)
also exists, but since this may cause daemon crashes, we are providing a
patch as well.
<p>
<li>A vulnerability in environment passing in the <code>UseLogin</code>
<i>sshd</i> option
<p>
<li>Various other non-critical fixes.
</ul>
<p>
Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">a source code patch exists which remedies these problems</a>.
This is the second version of this patch.
<p>
<a name=hosts>
<li><font color=#009000><strong>001: INSTALL ISSUE: November 12, 2001</strong></font><br>
A small bug in the installation script causes the <tt>/etc/hosts</tt> file to
be incorrectly formed.<br>
The resulting file contains a line which reads like:<p>
<tt>
#.#.#.# hostname. hostname
</tt>
<p>
This line should actually read something like:<p>
<tt>
#.#.#.# hostname.domainname.com hostname
</tt>
<p>
To correct this problem, simply edit the file and insert the domainname in
the required place.
<p>
</ul>
<p>
<a name=i386></a>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<a name=hifn>
<li><font color=#009000><strong>004: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Hifn7751 based cards may stop working on certain motherboards due to
DMA errors.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=alpha></a>
<li><h3><font color=#e00000>alpha</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mac68k></a>
<li><h3><font color=#e00000>mac68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc></a>
<li><h3><font color=#e00000>sparc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc64></a>
<li><h3><font color=#e00000>sparc64</font></h3>
<ul>
<a name=sparc64cd></a>
<li><font color=#009000><strong>003: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
of bogus interrupt messages, causing great user anguish.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=amiga></a>
<li><h3><font color=#e00000>amiga</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=hp300></a>
<li><h3><font color=#e00000>hp300</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mvme68k></a>
<li><h3><font color=#e00000>mvme68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=macppc></a>
<li><h3><font color=#e00000>macppc</font></h3>
<ul>
<a name=macppcinstall></a>
<li><font color=#009000><strong>009: INSTALLATION FIX: December 11, 2001</strong></font>
<br>
The 3.0 CD2 was created with an error which means that the instructions
for booting this architecture will not work. Instead, to boot the
CD, press Option-Command-O-F during power up to get into OpenFirmware
and then type:
<br>
<code>boot cd:,OFWBOOT /3.0/macppc/bsd.rd</code>
<p>
<a name=altivec></a>
<li><font color=#009000><strong>005: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Execution of Altivec instructions will crash the kernel.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=vax></a>
<li><h3><font color=#e00000>vax</font></h3>
<ul>
<li>No problems identified yet.
</ul>
</dl>
<br>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
<a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
<a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
<a href=errata29.html>For 2.9 errata, please refer here</a>.<br>
<a href=errata.html>For 3.1 errata, please refer here</a>.<br>
<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: errata30.html,v 1.6 2002/04/25 16:39:30 millert Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata30.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www