Annotation of www/errata32.html, Revision 1.76
1.74 bentley 1: <!doctype html>
2: <html lang=en id=errata>
3: <meta charset=utf-8>
4:
1.62 tj 5: <title>OpenBSD 3.2 Errata</title>
1.1 deraadt 6: <meta name="description" content="the OpenBSD CD errata page">
1.60 deraadt 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.64 tb 9: <link rel="canonical" href="https://www.openbsd.org/errata32.html">
1.1 deraadt 10:
1.50 deraadt 11: <!--
12: IMPORTANT REMINDER
13: IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
14: -->
15:
1.1 deraadt 16:
1.74 bentley 17: <h2 id=OpenBSD>
1.60 deraadt 18: <a href="index.html">
1.74 bentley 19: <i>Open</i><b>BSD</b></a>
20: 3.2 Errata
1.62 tj 21: </h2>
1.60 deraadt 22: <hr>
1.1 deraadt 23:
24: For errata on a certain release, click below:<br>
25: <a href="errata21.html">2.1</a>,
26: <a href="errata22.html">2.2</a>,
27: <a href="errata23.html">2.3</a>,
28: <a href="errata24.html">2.4</a>,
29: <a href="errata25.html">2.5</a>,
30: <a href="errata26.html">2.6</a>,
31: <a href="errata27.html">2.7</a>,
32: <a href="errata28.html">2.8</a>,
33: <a href="errata29.html">2.9</a>,
34: <a href="errata30.html">3.0</a>,
35: <a href="errata31.html">3.1</a>,
1.16 david 36: <a href="errata33.html">3.3</a>,
1.20 david 37: <a href="errata34.html">3.4</a>,
1.21 miod 38: <a href="errata35.html">3.5</a>,
1.22 deraadt 39: <a href="errata36.html">3.6</a>,
1.45 deraadt 40: <a href="errata37.html">3.7</a>,
1.30 deraadt 41: <br>
1.24 deraadt 42: <a href="errata38.html">3.8</a>,
1.25 deraadt 43: <a href="errata39.html">3.9</a>,
1.26 deraadt 44: <a href="errata40.html">4.0</a>,
1.28 merdely 45: <a href="errata41.html">4.1</a>,
1.29 deraadt 46: <a href="errata42.html">4.2</a>,
1.30 deraadt 47: <a href="errata43.html">4.3</a>,
1.32 deraadt 48: <a href="errata44.html">4.4</a>,
1.33 deraadt 49: <a href="errata45.html">4.5</a>,
1.34 deraadt 50: <a href="errata46.html">4.6</a>,
1.36 deraadt 51: <a href="errata47.html">4.7</a>,
1.37 miod 52: <a href="errata48.html">4.8</a>,
1.38 nick 53: <a href="errata49.html">4.9</a>,
1.39 sthen 54: <a href="errata50.html">5.0</a>,
1.40 deraadt 55: <a href="errata51.html">5.1</a>,
1.41 deraadt 56: <a href="errata52.html">5.2</a>,
1.42 deraadt 57: <a href="errata53.html">5.3</a>,
1.45 deraadt 58: <br>
1.43 deraadt 59: <a href="errata54.html">5.4</a>,
1.49 jsg 60: <a href="errata55.html">5.5</a>,
1.53 deraadt 61: <a href="errata56.html">5.6</a>,
1.56 deraadt 62: <a href="errata57.html">5.7</a>,
1.57 deraadt 63: <a href="errata58.html">5.8</a>,
1.63 deraadt 64: <a href="errata59.html">5.9</a>,
1.66 tj 65: <a href="errata60.html">6.0</a>,
1.70 deraadt 66: <a href="errata61.html">6.1</a>,
1.71 deraadt 67: <a href="errata62.html">6.2</a>,
1.72 deraadt 68: <a href="errata63.html">6.3</a>,
1.73 deraadt 69: <a href="errata64.html">6.4</a>,
1.76 ! deraadt 70: <a href="errata65.html">6.5</a>,
! 71: <a href="errata66.html">6.6</a>.
1.1 deraadt 72: <hr>
73:
1.46 deraadt 74: <p>
1.66 tj 75: Patches for the OpenBSD base system are distributed as unified diffs.
76: Each patch contains usage instructions.
77: All the following patches are also available in one
78: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2.tar.gz">tar.gz file</a>
79: for convenience.
1.1 deraadt 80:
1.46 deraadt 81: <p>
1.66 tj 82: Patches for supported releases are also incorporated into the
1.67 tj 83: <a href="stable.html">-stable branch</a>.
1.46 deraadt 84:
1.1 deraadt 85: <hr>
86:
87: <ul>
1.75 deraadt 88:
89: <li id="kadmin">
90: <strong>001: SECURITY FIX: October 21, 2002</strong>
1.48 deraadt 91: <i>All architectures</i><br>
1.75 deraadt 92: A buffer overflow can occur in the
93: <a href="https://man.openbsd.org/OpenBSD-3.2/kadmind.8">kadmind(8)</a>
94: daemon, leading to possible remote crash or exploit.<br>
95: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch">
1.46 deraadt 96: A source code patch exists which remedies this problem.</a>
1.15 margarid 97: <p>
1.75 deraadt 98:
99: <li id="pfbridge">
100: <strong>002: RELIABILITY FIX: November 6, 2002</strong>
1.48 deraadt 101: <i>All architectures</i><br>
1.75 deraadt 102: Network
103: <a href="https://man.openbsd.org/OpenBSD-3.2/bridge.4">bridges</a>
104: running
105: <a href="https://man.openbsd.org/OpenBSD-3.2/pf.4">pf</a>
106: with scrubbing enabled could cause mbuf corruption,
107: causing the system to crash.<br>
108: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/002_pfbridge.patch">
1.46 deraadt 109: A source code patch exists which remedies this problem.</a>
1.14 margarid 110: <p>
1.75 deraadt 111:
112: <li id="smrsh">
113: <strong>003: SECURITY FIX: November 6, 2002</strong>
1.48 deraadt 114: <i>All architectures</i><br>
1.75 deraadt 115: An attacker can bypass the restrictions imposed by sendmail's restricted shell,
116: <a href="https://man.openbsd.org/OpenBSD-3.2/smrsh.8">smrsh(8)</a>,
117: and execute arbitrary commands with the privileges of his own account.<br>
118: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch">
1.46 deraadt 119: A source code patch exists which remedies this problem.</a>
1.14 margarid 120: <p>
1.75 deraadt 121:
122: <li id="pool">
123: <strong>004: RELIABILITY FIX: November 6, 2002</strong>
1.48 deraadt 124: <i>All architectures</i><br>
1.75 deraadt 125: A logic error in the
126: <a href="https://man.openbsd.org/OpenBSD-3.2/pool.9">pool</a>
127: kernel memory allocator could cause memory corruption in low-memory situations,
128: causing the system to crash.<br>
129: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/004_pool.patch">
1.46 deraadt 130: A source code patch exists which remedies this problem.</a>
1.9 millert 131: <p>
1.75 deraadt 132:
133: <li id="named">
134: <strong>005: SECURITY FIX: November 14, 2002</strong>
1.48 deraadt 135: <i>All architectures</i><br>
1.75 deraadt 136: A buffer overflow in
137: <a href="https://man.openbsd.org/OpenBSD-3.2/named.8">named(8)</a>
138: could allow an attacker to execute code with the privileges of named.
139: On OpenBSD, named runs as a non-root user in a chrooted environment
140: which mitigates the effects of this bug.<br>
141: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch">
1.46 deraadt 142: A source code patch exists which remedies this problem.</a>
1.7 millert 143: <p>
1.75 deraadt 144:
145: <li id="cvs">
146: <strong>006: SECURITY FIX: January 20, 2003</strong>
1.48 deraadt 147: <i>All architectures</i><br>
1.75 deraadt 148: A double free in
149: <a href="https://man.openbsd.org/OpenBSD-3.2/cvs.1">cvs(1)</a>
150: could allow an attacker to execute code with the privileges of the
151: user running cvs. This is only an issue when the cvs command is
152: being run on a user's behalf as a different user. This means that,
153: in most cases, the issue only exists for cvs configurations that use
154: the <em>pserver</em> client/server connection method.<br>
155: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch">
1.46 deraadt 156: A source code patch exists which remedies this problem.</a>
1.6 brad 157: <p>
1.75 deraadt 158:
159: <li id="ssl">
160: <strong>007: SECURITY FIX: February 22, 2003</strong>
161: <i>All architectures</i><br>
162: In
163: <a href="https://man.openbsd.org/OpenBSD-3.2/ssl.8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
164: even if incorrect block cipher padding has been found, this is a
165: countermeasure. Also, check for negative sizes in memory allocation routines.<br>
166: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/007_ssl.patch">A
167: source code patch exists which fixes these two issues</a>.
168: <p>
169:
170: <li id="httpd">
171: <strong>008: SECURITY FIX: February 25, 2003</strong>
1.48 deraadt 172: <i>All architectures</i><br>
1.75 deraadt 173: <a href="https://man.openbsd.org/OpenBSD-3.2/httpd.8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br>
174: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">
175: A source code patch exists which fixes these two issues</a>.
1.5 millert 176: <p>
1.75 deraadt 177:
178: <li id="sendmail">
179: <strong>009: SECURITY FIX: March 3, 2003</strong>
1.48 deraadt 180: <i>All architectures</i><br>
1.75 deraadt 181: A buffer overflow in the envelope comments processing in
1.69 tb 182: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
1.3 miod 183: may allow an attacker to gain root privileges.<br>
1.75 deraadt 184: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">
185: A source code patch exists which remedies this problem.</a>
186: <p>
187:
188: <li id="lprm">
189: <strong>010: SECURITY FIX: March 5, 2003</strong>
190: <i>All architectures</i><br>
191: A fix for an
192: <a href="https://man.openbsd.org/OpenBSD-3.2/lprm.1">lprm(1)</a>
193: bug made in 1996 contains an error that could lead to privilege escalation.
194: For OpenBSD 3.2 the impact is limited since
195: <a href="https://man.openbsd.org/OpenBSD-3.2/lprm.1">lprm(1)</a>
196: is setuid daemon, not setuid root.
197: <br>
198: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch">
1.46 deraadt 199: A source code patch exists which remedies this problem.</a>
1.3 miod 200: <p>
1.75 deraadt 201:
202: <li id="blinding">
203: <strong>011: SECURITY FIX: March 18, 2003</strong>
1.48 deraadt 204: <i>All architectures</i><br>
1.75 deraadt 205: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
1.1 deraadt 206: <br>
1.75 deraadt 207: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch">
1.46 deraadt 208: A source code patch exists which remedies this problem.</a>
1.1 deraadt 209: <p>
1.75 deraadt 210:
1.51 bentley 211: <li id="kpr">
1.74 bentley 212: <strong>012: SECURITY FIX: March 19, 2003</strong>
1.48 deraadt 213: <i>All architectures</i><br>
1.74 bentley 214: OpenSSL is vulnerable to an extension of the "Bleichenbacher" attack designed
1.1 deraadt 215: by Czech researchers Klima, Pokorny and Rosa.
216: <br>
1.65 tb 217: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch">
1.46 deraadt 218: A source code patch exists which remedies this problem.</a>
1.1 deraadt 219: <p>
1.75 deraadt 220:
221: <li id="kerberos">
222: <strong>013: SECURITY FIX: March 24, 2003</strong>
1.48 deraadt 223: <i>All architectures</i><br>
1.75 deraadt 224: The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
225: on Kerberos v5 as well.
1.1 deraadt 226: <br>
1.75 deraadt 227: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch">
1.46 deraadt 228: A source code patch exists which remedies this problem.</a>
1.1 deraadt 229: <p>
1.75 deraadt 230:
231: <li id="sendmail2">
232: <strong>014: SECURITY FIX: March 31, 2003</strong>
1.48 deraadt 233: <i>All architectures</i><br>
1.75 deraadt 234: A buffer overflow in the address parsing in
1.69 tb 235: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
1.1 deraadt 236: may allow an attacker to gain root privileges.<br>
1.75 deraadt 237: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/014_sendmail.patch">
1.46 deraadt 238: A source code patch exists which remedies this problem.</a>
1.1 deraadt 239: <p>
1.75 deraadt 240:
241: <li id="realpath">
242: <strong>015: SECURITY FIX: August 4, 2003</strong>
1.48 deraadt 243: <i>All architectures</i><br>
1.75 deraadt 244: An off-by-one error exists in the C library function
245: <a href="https://man.openbsd.org/OpenBSD-3.2/realpath.3">realpath(3)</a>.
246: Since this same bug resulted in a root compromise in the wu-ftpd ftp server
247: it is possible that this bug may allow an attacker to gain escalated privileges
248: on OpenBSD.<br>
249: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch">
250: A source code patch exists which remedies this problem.</a>
1.1 deraadt 251: <p>
1.75 deraadt 252:
253: <li id="sendmail3">
254: <strong>016: SECURITY FIX: August 25, 2003</strong>
1.48 deraadt 255: <i>All architectures</i><br>
1.75 deraadt 256: Fix for a potential security issue in
257: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
258: with respect to DNS maps. This only affects
259: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
260: configurations that use the "enhdnsbl"
261: feature. The default OpenBSD
262: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
263: config does not use this.<br>
264: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/016_sendmail.patch">
1.46 deraadt 265: A source code patch exists which remedies this problem.</a>
1.1 deraadt 266: <p>
1.75 deraadt 267:
268: <li id="sshbuffer">
269: <strong>017: SECURITY FIX: September 16, 2003</strong>
1.48 deraadt 270: <i>All architectures</i><br>
1.75 deraadt 271: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
272: It is unclear whether or not this bug is exploitable.<br>
273: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/017_sshbuffer.patch">
1.46 deraadt 274: A source code patch exists which remedies this problem.</a>
1.75 deraadt 275: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
276: problem.
1.1 deraadt 277: <p>
1.75 deraadt 278:
279: <li id="sendmail4">
280: <strong>018: SECURITY FIX: September 17, 2003</strong>
1.48 deraadt 281: <i>All architectures</i><br>
1.75 deraadt 282: A buffer overflow in the address parsing in
283: <a href="https://man.openbsd.org/OpenBSD-3.2/sendmail.8">sendmail(8)</a>
284: may allow an attacker to gain root privileges.<br>
285: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch">
1.46 deraadt 286: A source code patch exists which remedies this problem.</a>
1.75 deraadt 287: NOTE: this is the <em>second</em> revision of the patch that fixes an additional
1.1 deraadt 288: <p>
1.75 deraadt 289:
290: <li id="pfnorm">
291: <strong>019: SECURITY FIX: September 24, 2003</strong>
1.48 deraadt 292: <i>All architectures</i><br>
1.75 deraadt 293: Three cases of potential access to freed memory have been found in
294: <a href="https://man.openbsd.org/OpenBSD-3.2/pf.4">pf(4)</a>.
295: At least one of them could be used to panic pf with active scrub rules remotely.<br>
296: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch">
1.46 deraadt 297: A source code patch exists which remedies this problem.</a>
1.1 deraadt 298: <p>
1.75 deraadt 299:
300: <li id="asn1">
301: <strong>020: SECURITY FIX: October 1, 2003</strong>
1.48 deraadt 302: <i>All architectures</i><br>
1.75 deraadt 303: The use of certain ASN.1 encodings or malformed public keys may allow an
304: attacker to mount a denial of service attack against applications linked with
305: <a href="https://man.openbsd.org/OpenBSD-3.2/ssl.3">ssl(3)</a>.
306: This does not affect OpenSSH.<br>
307: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch">
1.46 deraadt 308: A source code patch exists which remedies this problem.</a>
1.1 deraadt 309: <p>
1.75 deraadt 310:
311: <li id="arp">
312: <strong>021: RELIABILITY FIX: October 1, 2003</strong>
1.48 deraadt 313: <i>All architectures</i><br>
1.75 deraadt 314: It is possible for a local user to cause a system panic by flooding it with spoofed ARP
315: requests.<br>
316: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch">
1.46 deraadt 317: A source code patch exists which remedies this problem.</a>
1.1 deraadt 318: <p>
1.44 deraadt 319:
1.1 deraadt 320: </ul>
321:
1.52 tedu 322: <hr>