Annotation of www/errata32.html, Revision 1.40
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 3.2 errata</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.17 henning 11: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1.1 deraadt 12: </head>
13:
1.18 david 14: <body bgcolor="#ffffff" text="#000000" link="#23238E">
1.1 deraadt 15:
16: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
17: <h2><font color="#0000e0">
18: This is the OpenBSD 3.2 release errata & patch list:
19:
20: </font></h2>
21:
22: <hr>
23: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.2 margarid 24: <a href=pkg-stable32.html>For important packages updates, please refer here.</a><br>
1.1 deraadt 25: <br>
26: For errata on a certain release, click below:<br>
27: <a href="errata21.html">2.1</a>,
28: <a href="errata22.html">2.2</a>,
29: <a href="errata23.html">2.3</a>,
30: <a href="errata24.html">2.4</a>,
31: <a href="errata25.html">2.5</a>,
32: <a href="errata26.html">2.6</a>,
33: <a href="errata27.html">2.7</a>,
34: <a href="errata28.html">2.8</a>,
35: <a href="errata29.html">2.9</a>,
36: <a href="errata30.html">3.0</a>,
37: <a href="errata31.html">3.1</a>,
1.16 david 38: <a href="errata33.html">3.3</a>,
1.20 david 39: <a href="errata34.html">3.4</a>,
1.21 miod 40: <a href="errata35.html">3.5</a>,
1.22 deraadt 41: <a href="errata36.html">3.6</a>,
1.30 deraadt 42: <br>
1.23 deraadt 43: <a href="errata37.html">3.7</a>,
1.24 deraadt 44: <a href="errata38.html">3.8</a>,
1.25 deraadt 45: <a href="errata39.html">3.9</a>,
1.26 deraadt 46: <a href="errata40.html">4.0</a>,
1.28 merdely 47: <a href="errata41.html">4.1</a>,
1.29 deraadt 48: <a href="errata42.html">4.2</a>,
1.30 deraadt 49: <a href="errata43.html">4.3</a>,
1.32 deraadt 50: <a href="errata44.html">4.4</a>,
1.33 deraadt 51: <a href="errata45.html">4.5</a>,
1.34 deraadt 52: <a href="errata46.html">4.6</a>,
1.36 deraadt 53: <a href="errata47.html">4.7</a>,
1.37 miod 54: <a href="errata48.html">4.8</a>,
1.38 nick 55: <a href="errata49.html">4.9</a>,
1.39 sthen 56: <a href="errata50.html">5.0</a>,
1.40 ! deraadt 57: <a href="errata51.html">5.1</a>,
! 58: <a href="errata52.html">5.2</a>.
1.1 deraadt 59: <br>
60: <hr>
61:
1.35 sthen 62: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
1.1 deraadt 63: You can also fetch a tar.gz file containing all the following patches</a>.
64: This file is updated once a day.
65:
66: <p> The patches below are available in CVS via the
67: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
68:
69: <p>
70: For more detailed information on how to install patches to OpenBSD, please
71: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
72: <hr>
73:
1.17 henning 74: <a name="all"></a>
75: <h3><font color="#e00000">All architectures</font></h3>
1.1 deraadt 76: <ul>
1.17 henning 77: <li><a name="arp"></a>
78: <font color="#009000"><strong>021: RELIABILITY FIX: October 1, 2003</strong></font><br>
1.15 margarid 79: It is possible for a local user to cause a system panic by flooding it with spoofed ARP
80: requests.<br>
1.35 sthen 81: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch">A source code patch exists which remedies the problem</a>.<br>
1.15 margarid 82: <p>
1.17 henning 83: <li><a name="asn1"></a>
84: <font color="#009000"><strong>020: SECURITY FIX: October 1, 2003</strong></font><br>
1.11 millert 85: The use of certain ASN.1 encodings or malformed public keys may allow an
86: attacker to mount a denial of service attack against applications linked with
87: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>.
1.14 margarid 88: This does not affect OpenSSH.<br>
1.35 sthen 89: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch">A source code patch exists which remedies the problem</a>.<br>
1.14 margarid 90: <p>
1.17 henning 91: <li><a name="pfnorm"></a>
92: <font color="#009000"><strong>019: SECURITY FIX: September 24, 2003</strong></font><br>
1.12 mcbride 93: Three cases of potential access to freed memory have been found in
1.14 margarid 94: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
95: At least one of them could be used to panic pf with active scrub rules remotely.<br>
1.35 sthen 96: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br>
1.14 margarid 97: <p>
1.17 henning 98: <li><a name="sendmail4"></a>
99: <font color="#009000"><strong>018: SECURITY FIX: September 17, 2003</strong></font><br>
1.9 millert 100: A buffer overflow in the address parsing in
101: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
102: may allow an attacker to gain root privileges.<br>
1.35 sthen 103: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch">A source code patch exists which remedies the problem</a>.<br>
1.10 millert 104: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
1.9 millert 105: <p>
1.17 henning 106: <li><a name="sshbuffer"></a>
107: <font color="#009000"><strong>017: SECURITY FIX: September 16, 2003</strong></font><br>
1.7 millert 108: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
1.9 millert 109: It is unclear whether or not this bug is exploitable.<br>
1.35 sthen 110: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/017_sshbuffer.patch">A
1.9 millert 111: source code patch exists which remedies the problem</a>.<br>
1.8 millert 112: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
113: problem.
1.7 millert 114: <p>
1.17 henning 115: <li><a name="sendmail3"></a>
116: <font color="#009000"><strong>016: SECURITY FIX: August 25, 2003</strong></font><br>
1.6 brad 117: Fix for a potential security issue in
118: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
119: with respect to DNS maps. This only affects
120: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
121: configurations that use the "enhdnsbl"
122: feature. The default OpenBSD
123: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
124: config does not use this.<br>
1.35 sthen 125: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/016_sendmail.patch">A
1.6 brad 126: source code patch exists which remedies the problem</a>.
127: <p>
1.17 henning 128: <li><a name="realpath"></a>
129: <font color="#009000"><strong>015: SECURITY FIX: August 4, 2003</strong></font><br>
1.5 millert 130: An off-by-one error exists in the C library function
131: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>.
132: Since this same bug resulted in a root compromise in the wu-ftpd ftp server
133: it is possible that this bug may allow an attacker to gain escalated privileges
134: on OpenBSD.<br>
1.35 sthen 135: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch">A
1.5 millert 136: source code patch exists which remedies the problem</a>.
137: <p>
1.17 henning 138: <li><a name="sendmail2"></a>
139: <font color="#009000"><strong>014: SECURITY FIX: March 31, 2003</strong></font><br>
1.3 miod 140: A buffer overflow in the address parsing in
141: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
142: may allow an attacker to gain root privileges.<br>
1.35 sthen 143: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/014_sendmail.patch">A
1.3 miod 144: source code patch exists which remedies the problem</a>.
145: <p>
1.17 henning 146: <li><a name="kerberos"></a>
147: <font color="#009000"><strong>013: SECURITY FIX: March 24, 2003</strong></font><br>
1.4 margarid 148: The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
1.1 deraadt 149: on Kerberos v5 as well.
150: <br>
1.35 sthen 151: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch">A
1.1 deraadt 152: source code patch exists which remedies the problem</a>.
153: <p>
1.17 henning 154: <li><a name="kpr"></a>
155: <font color="#009000"><strong>012: SECURITY FIX: March 19, 2003</strong></font><br>
1.1 deraadt 156: OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
157: by Czech researchers Klima, Pokorny and Rosa.
158: <br>
1.35 sthen 159: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch">A
1.1 deraadt 160: source code patch exists which remedies the problem</a>.
161: <p>
1.17 henning 162: <li><a name="blinding"></a>
163: <font color="#009000"><strong>011: SECURITY FIX: March 18, 2003</strong></font><br>
1.1 deraadt 164: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
165: <br>
1.35 sthen 166: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">An
1.1 deraadt 167: ``RSA blinding'' source code patch exists which remedies the problem</a>.
168: <p>
1.17 henning 169: <li><a name="lprm"></a>
170: <font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
1.1 deraadt 171: A fix for an
172: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
173: bug made in 1996 contains an error that could lead to privilege escalation.
174: For OpenBSD 3.2 the impact is limited since
175: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
176: is setuid daemon, not setuid root.
177: <br>
1.35 sthen 178: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
1.1 deraadt 179: source code patch exists which remedies the problem</a>.
180: <p>
1.17 henning 181: <li><a name="sendmail"></a>
182: <font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
1.1 deraadt 183: A buffer overflow in the envelope comments processing in
184: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
185: may allow an attacker to gain root privileges.<br>
1.35 sthen 186: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.1 deraadt 187: source code patch exists which remedies the problem</a>.
188: <p>
1.17 henning 189: <li><a name="httpd"></a>
190: <font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.1 deraadt 191: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br>
1.35 sthen 192: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
1.1 deraadt 193: <p>
1.17 henning 194: <li><a name="ssl"></a>
195: <font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.1 deraadt 196: In
197: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
198: even if incorrect block cipher padding has been found, this is a
199: countermeasure. Also, check for negative sizes in memory allocation routines.<br>
1.35 sthen 200: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
1.1 deraadt 201: source code patch exists which fixes these two issues</a>.
202: <p>
1.17 henning 203: <li><a name="cvs"></a>
204: <font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
1.1 deraadt 205: A double free in
206: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
207: could allow an attacker to execute code with the privileges of the
208: user running cvs. This is only an issue when the cvs command is
209: being run on a user's behalf as a different user. This means that,
210: in most cases, the issue only exists for cvs configurations that use
211: the <em>pserver</em> client/server connection method.<br>
1.35 sthen 212: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
1.1 deraadt 213: source code patch exists which remedies the problem</a>.
214: <p>
1.17 henning 215: <li><a name="named"></a>
216: <font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
1.1 deraadt 217: A buffer overflow in
218: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
219: could allow an attacker to execute code with the privileges of named.
220: On OpenBSD, named runs as a non-root user in a chrooted environment
221: which mitigates the effects of this bug.<br>
1.35 sthen 222: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
1.1 deraadt 223: source code patch exists which remedies the problem</a>.
224: <p>
1.17 henning 225: <li><a name="pool"></a>
226: <font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 227: A logic error in the
228: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
229: kernel memory allocator could cause memory corruption in low-memory situations,
230: causing the system to crash.<br>
1.35 sthen 231: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
1.1 deraadt 232: source code patch exists which remedies the problem</a>.
233: <p>
1.17 henning 234: <li><a name="smrsh"></a>
235: <font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 236: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
237: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
238: and execute arbitrary commands with the privileges of his own account.<br>
1.35 sthen 239: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
1.1 deraadt 240: source code patch exists which remedies the problem</a>.
241: <p>
1.17 henning 242: <li><a name="pfbridge"></a>
243: <font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 244: Network
245: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
246: running
247: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
248: with scrubbing enabled could cause mbuf corruption,
249: causing the system to crash.<br>
1.35 sthen 250: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
1.1 deraadt 251: source code patch exists which remedies the problem</a>.
252: <p>
1.17 henning 253: <li><a name="kadmin"></a>
254: <font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
1.1 deraadt 255: A buffer overflow can occur in the
256: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
257: daemon, leading to possible remote crash or exploit.<br>
1.35 sthen 258: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
1.1 deraadt 259: <p>
260: </ul>
261: <p>
1.17 henning 262: <a name="i386"></a>
263: <h3><font color="#e00000">i386</font></h3>
1.1 deraadt 264: <ul>
265: <li>No problems identified yet.
266: </ul>
267: <p>
1.17 henning 268: <a name="alpha"></a>
269: <h3><font color="#e00000">alpha</font></h3>
1.1 deraadt 270: <ul>
271: <li>No problems identified yet.
272: </ul>
273: <p>
1.17 henning 274: <a name="mac68k"></a>
275: <h3><font color="#e00000">mac68k</font></h3>
1.1 deraadt 276: <ul>
277: <li>No problems identified yet.
278: </ul>
279: <p>
1.17 henning 280: <a name="sparc"></a>
281: <h3><font color="#e00000">sparc</font></h3>
1.1 deraadt 282: <ul>
283: <li>No problems identified yet.
284: </ul>
285: <p>
1.17 henning 286: <a name="sparc64"></a>
287: <h3><font color="#e00000">sparc64</font></h3>
1.1 deraadt 288: <ul>
289: <li>No problems identified yet.
290: </ul>
291: <p>
1.17 henning 292: <a name="amiga"></a>
293: <h3><font color="#e00000">amiga</font></h3>
1.1 deraadt 294: <ul>
295: <li>No problems identified yet.
296: </ul>
297: <p>
1.17 henning 298: <a name="hp300"></a>
299: <h3><font color="#e00000">hp300</font></h3>
1.1 deraadt 300: <ul>
301: <li>No problems identified yet.
302: </ul>
303: <p>
1.17 henning 304: <a name="mvme68k"></a>
305: <h3><font color="#e00000">mvme68k</font></h3>
1.1 deraadt 306: <ul>
307: <li>No problems identified yet.
308: </ul>
309: <p>
1.17 henning 310: <a name="macppc"></a>
311: <h3><font color="#e00000">macppc</font></h3>
1.1 deraadt 312: <ul>
313: <li>No problems identified yet.
314: </ul>
315: <p>
1.17 henning 316: <a name="vax"></a>
317: <h3><font color="#e00000">vax</font></h3>
1.1 deraadt 318: <ul>
319: <li>No problems identified yet.
320: </ul>
321:
322: <br>
323:
324: <hr>
325: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
326: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.40 ! deraadt 327: <br><small>$OpenBSD: errata32.html,v 1.39 2012/05/01 19:16:22 sthen Exp $</small>
1.1 deraadt 328:
329: </body>
330: </html>