Annotation of www/errata32.html, Revision 1.44
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 3.2 errata</title>
5: <meta name="resource-type" content="document">
6: <meta name="description" content="the OpenBSD CD errata page">
7: <meta name="keywords" content="openbsd,cd,errata">
8: <meta name="distribution" content="global">
9: <meta name="copyright" content="This document copyright 1997-2002 by OpenBSD.">
1.17 henning 10: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1.1 deraadt 11: </head>
12:
1.18 david 13: <body bgcolor="#ffffff" text="#000000" link="#23238E">
1.1 deraadt 14:
15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
16: <h2><font color="#0000e0">
17: This is the OpenBSD 3.2 release errata & patch list:
18:
19: </font></h2>
20:
21: <hr>
22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.2 margarid 23: <a href=pkg-stable32.html>For important packages updates, please refer here.</a><br>
1.1 deraadt 24: <br>
25: For errata on a certain release, click below:<br>
26: <a href="errata21.html">2.1</a>,
27: <a href="errata22.html">2.2</a>,
28: <a href="errata23.html">2.3</a>,
29: <a href="errata24.html">2.4</a>,
30: <a href="errata25.html">2.5</a>,
31: <a href="errata26.html">2.6</a>,
32: <a href="errata27.html">2.7</a>,
33: <a href="errata28.html">2.8</a>,
34: <a href="errata29.html">2.9</a>,
35: <a href="errata30.html">3.0</a>,
36: <a href="errata31.html">3.1</a>,
1.16 david 37: <a href="errata33.html">3.3</a>,
1.20 david 38: <a href="errata34.html">3.4</a>,
1.21 miod 39: <a href="errata35.html">3.5</a>,
1.22 deraadt 40: <a href="errata36.html">3.6</a>,
1.30 deraadt 41: <br>
1.23 deraadt 42: <a href="errata37.html">3.7</a>,
1.24 deraadt 43: <a href="errata38.html">3.8</a>,
1.25 deraadt 44: <a href="errata39.html">3.9</a>,
1.26 deraadt 45: <a href="errata40.html">4.0</a>,
1.28 merdely 46: <a href="errata41.html">4.1</a>,
1.29 deraadt 47: <a href="errata42.html">4.2</a>,
1.30 deraadt 48: <a href="errata43.html">4.3</a>,
1.32 deraadt 49: <a href="errata44.html">4.4</a>,
1.33 deraadt 50: <a href="errata45.html">4.5</a>,
1.34 deraadt 51: <a href="errata46.html">4.6</a>,
1.36 deraadt 52: <a href="errata47.html">4.7</a>,
1.37 miod 53: <a href="errata48.html">4.8</a>,
1.38 nick 54: <a href="errata49.html">4.9</a>,
1.39 sthen 55: <a href="errata50.html">5.0</a>,
1.40 deraadt 56: <a href="errata51.html">5.1</a>,
1.41 deraadt 57: <a href="errata52.html">5.2</a>,
1.42 deraadt 58: <a href="errata53.html">5.3</a>,
1.43 deraadt 59: <a href="errata54.html">5.4</a>,
60: <a href="errata55.html">5.5</a>.
1.1 deraadt 61: <br>
62: <hr>
63:
1.35 sthen 64: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">
1.1 deraadt 65: You can also fetch a tar.gz file containing all the following patches</a>.
66: This file is updated once a day.
67:
68: <p> The patches below are available in CVS via the
69: <code>OPENBSD_3_2</code> <a href="stable.html">patch branch</a>.
70:
71: <p>
72: For more detailed information on how to install patches to OpenBSD, please
73: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
74: <hr>
75:
1.17 henning 76: <a name="all"></a>
77: <h3><font color="#e00000">All architectures</font></h3>
1.1 deraadt 78: <ul>
1.17 henning 79: <li><a name="arp"></a>
80: <font color="#009000"><strong>021: RELIABILITY FIX: October 1, 2003</strong></font><br>
1.15 margarid 81: It is possible for a local user to cause a system panic by flooding it with spoofed ARP
82: requests.<br>
1.35 sthen 83: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch">A source code patch exists which remedies the problem</a>.<br>
1.15 margarid 84: <p>
1.17 henning 85: <li><a name="asn1"></a>
86: <font color="#009000"><strong>020: SECURITY FIX: October 1, 2003</strong></font><br>
1.11 millert 87: The use of certain ASN.1 encodings or malformed public keys may allow an
88: attacker to mount a denial of service attack against applications linked with
89: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>.
1.14 margarid 90: This does not affect OpenSSH.<br>
1.35 sthen 91: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch">A source code patch exists which remedies the problem</a>.<br>
1.14 margarid 92: <p>
1.17 henning 93: <li><a name="pfnorm"></a>
94: <font color="#009000"><strong>019: SECURITY FIX: September 24, 2003</strong></font><br>
1.43 deraadt 95: Three cases of potential access to freed memory have been found in
1.14 margarid 96: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
97: At least one of them could be used to panic pf with active scrub rules remotely.<br>
1.35 sthen 98: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br>
1.14 margarid 99: <p>
1.17 henning 100: <li><a name="sendmail4"></a>
101: <font color="#009000"><strong>018: SECURITY FIX: September 17, 2003</strong></font><br>
1.9 millert 102: A buffer overflow in the address parsing in
103: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
104: may allow an attacker to gain root privileges.<br>
1.35 sthen 105: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch">A source code patch exists which remedies the problem</a>.<br>
1.10 millert 106: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
1.9 millert 107: <p>
1.17 henning 108: <li><a name="sshbuffer"></a>
109: <font color="#009000"><strong>017: SECURITY FIX: September 16, 2003</strong></font><br>
1.7 millert 110: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
1.9 millert 111: It is unclear whether or not this bug is exploitable.<br>
1.35 sthen 112: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/017_sshbuffer.patch">A
1.9 millert 113: source code patch exists which remedies the problem</a>.<br>
1.8 millert 114: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
115: problem.
1.7 millert 116: <p>
1.17 henning 117: <li><a name="sendmail3"></a>
118: <font color="#009000"><strong>016: SECURITY FIX: August 25, 2003</strong></font><br>
1.6 brad 119: Fix for a potential security issue in
120: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
121: with respect to DNS maps. This only affects
122: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
123: configurations that use the "enhdnsbl"
124: feature. The default OpenBSD
125: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
126: config does not use this.<br>
1.35 sthen 127: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/016_sendmail.patch">A
1.6 brad 128: source code patch exists which remedies the problem</a>.
129: <p>
1.17 henning 130: <li><a name="realpath"></a>
131: <font color="#009000"><strong>015: SECURITY FIX: August 4, 2003</strong></font><br>
1.5 millert 132: An off-by-one error exists in the C library function
133: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>.
134: Since this same bug resulted in a root compromise in the wu-ftpd ftp server
135: it is possible that this bug may allow an attacker to gain escalated privileges
136: on OpenBSD.<br>
1.35 sthen 137: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch">A
1.5 millert 138: source code patch exists which remedies the problem</a>.
139: <p>
1.17 henning 140: <li><a name="sendmail2"></a>
141: <font color="#009000"><strong>014: SECURITY FIX: March 31, 2003</strong></font><br>
1.3 miod 142: A buffer overflow in the address parsing in
143: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
144: may allow an attacker to gain root privileges.<br>
1.35 sthen 145: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/014_sendmail.patch">A
1.3 miod 146: source code patch exists which remedies the problem</a>.
147: <p>
1.17 henning 148: <li><a name="kerberos"></a>
149: <font color="#009000"><strong>013: SECURITY FIX: March 24, 2003</strong></font><br>
1.4 margarid 150: The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
1.1 deraadt 151: on Kerberos v5 as well.
152: <br>
1.35 sthen 153: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch">A
1.1 deraadt 154: source code patch exists which remedies the problem</a>.
155: <p>
1.17 henning 156: <li><a name="kpr"></a>
157: <font color="#009000"><strong>012: SECURITY FIX: March 19, 2003</strong></font><br>
1.1 deraadt 158: OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
159: by Czech researchers Klima, Pokorny and Rosa.
160: <br>
1.35 sthen 161: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch">A
1.1 deraadt 162: source code patch exists which remedies the problem</a>.
163: <p>
1.17 henning 164: <li><a name="blinding"></a>
165: <font color="#009000"><strong>011: SECURITY FIX: March 18, 2003</strong></font><br>
1.1 deraadt 166: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
167: <br>
1.35 sthen 168: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">An
1.1 deraadt 169: ``RSA blinding'' source code patch exists which remedies the problem</a>.
170: <p>
1.17 henning 171: <li><a name="lprm"></a>
172: <font color="#009000"><strong>010: SECURITY FIX: March 5, 2003</strong></font><br>
1.1 deraadt 173: A fix for an
174: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
175: bug made in 1996 contains an error that could lead to privilege escalation.
176: For OpenBSD 3.2 the impact is limited since
177: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a>
178: is setuid daemon, not setuid root.
179: <br>
1.35 sthen 180: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">A
1.1 deraadt 181: source code patch exists which remedies the problem</a>.
182: <p>
1.17 henning 183: <li><a name="sendmail"></a>
184: <font color="#009000"><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>
1.1 deraadt 185: A buffer overflow in the envelope comments processing in
186: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>
187: may allow an attacker to gain root privileges.<br>
1.35 sthen 188: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A
1.1 deraadt 189: source code patch exists which remedies the problem</a>.
190: <p>
1.17 henning 191: <li><a name="httpd"></a>
192: <font color="#009000"><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>
1.1 deraadt 193: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br>
1.35 sthen 194: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.
1.1 deraadt 195: <p>
1.17 henning 196: <li><a name="ssl"></a>
197: <font color="#009000"><strong>007: SECURITY FIX: February 22, 2003</strong></font><br>
1.43 deraadt 198: In
1.1 deraadt 199: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
200: even if incorrect block cipher padding has been found, this is a
201: countermeasure. Also, check for negative sizes in memory allocation routines.<br>
1.35 sthen 202: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
1.1 deraadt 203: source code patch exists which fixes these two issues</a>.
204: <p>
1.17 henning 205: <li><a name="cvs"></a>
206: <font color="#009000"><strong>006: SECURITY FIX: January 20, 2003</strong></font><br>
1.1 deraadt 207: A double free in
208: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
209: could allow an attacker to execute code with the privileges of the
210: user running cvs. This is only an issue when the cvs command is
211: being run on a user's behalf as a different user. This means that,
212: in most cases, the issue only exists for cvs configurations that use
213: the <em>pserver</em> client/server connection method.<br>
1.35 sthen 214: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">A
1.1 deraadt 215: source code patch exists which remedies the problem</a>.
216: <p>
1.17 henning 217: <li><a name="named"></a>
218: <font color="#009000"><strong>005: SECURITY FIX: November 14, 2002</strong></font><br>
1.43 deraadt 219: A buffer overflow in
1.1 deraadt 220: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>
221: could allow an attacker to execute code with the privileges of named.
222: On OpenBSD, named runs as a non-root user in a chrooted environment
223: which mitigates the effects of this bug.<br>
1.35 sthen 224: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">A
1.1 deraadt 225: source code patch exists which remedies the problem</a>.
226: <p>
1.17 henning 227: <li><a name="pool"></a>
228: <font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 229: A logic error in the
230: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool</a>
231: kernel memory allocator could cause memory corruption in low-memory situations,
232: causing the system to crash.<br>
1.35 sthen 233: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">A
1.1 deraadt 234: source code patch exists which remedies the problem</a>.
235: <p>
1.17 henning 236: <li><a name="smrsh"></a>
237: <font color="#009000"><strong>003: SECURITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 238: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
239: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>,
240: and execute arbitrary commands with the privileges of his own account.<br>
1.35 sthen 241: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">A
1.1 deraadt 242: source code patch exists which remedies the problem</a>.
243: <p>
1.17 henning 244: <li><a name="pfbridge"></a>
245: <font color="#009000"><strong>002: RELIABILITY FIX: November 6, 2002</strong></font><br>
1.1 deraadt 246: Network
247: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridges</a>
248: running
249: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>
250: with scrubbing enabled could cause mbuf corruption,
251: causing the system to crash.<br>
1.35 sthen 252: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">A
1.1 deraadt 253: source code patch exists which remedies the problem</a>.
254: <p>
1.17 henning 255: <li><a name="kadmin"></a>
256: <font color="#009000"><strong>001: SECURITY FIX: October 21, 2002</strong></font><br>
1.1 deraadt 257: A buffer overflow can occur in the
258: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>
259: daemon, leading to possible remote crash or exploit.<br>
1.35 sthen 260: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">A source code patch exists which remedies the problem</a>.
1.1 deraadt 261: <p>
262: </ul>
263: <p>
1.17 henning 264: <a name="i386"></a>
265: <h3><font color="#e00000">i386</font></h3>
1.1 deraadt 266: <ul>
267: <li>No problems identified yet.
268: </ul>
269: <p>
1.17 henning 270: <a name="alpha"></a>
271: <h3><font color="#e00000">alpha</font></h3>
1.1 deraadt 272: <ul>
273: <li>No problems identified yet.
274: </ul>
275: <p>
1.17 henning 276: <a name="mac68k"></a>
277: <h3><font color="#e00000">mac68k</font></h3>
1.1 deraadt 278: <ul>
279: <li>No problems identified yet.
280: </ul>
281: <p>
1.17 henning 282: <a name="sparc"></a>
283: <h3><font color="#e00000">sparc</font></h3>
1.1 deraadt 284: <ul>
285: <li>No problems identified yet.
286: </ul>
287: <p>
1.17 henning 288: <a name="sparc64"></a>
289: <h3><font color="#e00000">sparc64</font></h3>
1.1 deraadt 290: <ul>
291: <li>No problems identified yet.
292: </ul>
293: <p>
1.17 henning 294: <a name="amiga"></a>
295: <h3><font color="#e00000">amiga</font></h3>
1.1 deraadt 296: <ul>
297: <li>No problems identified yet.
298: </ul>
299: <p>
1.17 henning 300: <a name="hp300"></a>
301: <h3><font color="#e00000">hp300</font></h3>
1.1 deraadt 302: <ul>
303: <li>No problems identified yet.
304: </ul>
305: <p>
1.17 henning 306: <a name="mvme68k"></a>
307: <h3><font color="#e00000">mvme68k</font></h3>
1.1 deraadt 308: <ul>
309: <li>No problems identified yet.
310: </ul>
311: <p>
1.17 henning 312: <a name="macppc"></a>
313: <h3><font color="#e00000">macppc</font></h3>
1.1 deraadt 314: <ul>
315: <li>No problems identified yet.
316: </ul>
317: <p>
1.17 henning 318: <a name="vax"></a>
319: <h3><font color="#e00000">vax</font></h3>
1.1 deraadt 320: <ul>
321: <li>No problems identified yet.
1.44 ! deraadt 322:
1.1 deraadt 323: </ul>
324:
325: </body>
326: </html>