Return to errata33.html CVS log | Up to [local] / www |
version 1.71, 2016/08/15 02:22:06 | version 1.72, 2016/10/16 19:11:29 | ||
---|---|---|---|
|
|
||
<br> | <br> | ||
<hr> | <hr> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz"> | ||
You can also fetch a tar.gz file containing all the following patches</a>. | You can also fetch a tar.gz file containing all the following patches</a>. | ||
This file is updated once a day. | This file is updated once a day. | ||
<p> | <p> | ||
|
|
||
the client and allowing clients to check out files outside the CVS | the client and allowing clients to check out files outside the CVS | ||
repository. | repository. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="openssl"> | <li id="openssl"> | ||
|
|
||
A remote attacker can use the bug to cause an OpenSSL application to crash; | A remote attacker can use the bug to cause an OpenSSL application to crash; | ||
this may lead to a denial of service. | this may lead to a denial of service. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="isakmpd2"> | <li id="isakmpd2"> | ||
|
|
||
cause isakmpd to crash or to loop endlessly. This patch fixes these problems | cause isakmpd to crash or to loop endlessly. This patch fixes these problems | ||
and removes some memory leaks. | and removes some memory leaks. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="httpd2"> | <li id="httpd2"> | ||
|
|
||
access module, using IP addresses without a netmask on big endian 64-bit | access module, using IP addresses without a netmask on big endian 64-bit | ||
platforms causes the rules to fail to match. This only affects sparc64. | platforms causes the rules to fail to match. This only affects sparc64. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="tcp"> | <li id="tcp"> | ||
|
|
||
send out-of-order TCP segments and trick the system into using all | send out-of-order TCP segments and trick the system into using all | ||
available memory buffers. | available memory buffers. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="font"> | <li id="font"> | ||
|
|
||
font.aliases files in XFree86. Thanks to ProPolice, these cannot be | font.aliases files in XFree86. Thanks to ProPolice, these cannot be | ||
exploited to gain privileges, but they can cause the X server to abort. | exploited to gain privileges, but they can cause the X server to abort. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="ip6"> | <li id="ip6"> | ||
|
|
||
to cause a denial of service attack against hosts with reachable IPv6 | to cause a denial of service attack against hosts with reachable IPv6 | ||
TCP ports. | TCP ports. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="sysvshm"> | <li id="sysvshm"> | ||
|
|
||
system call that could be used by an attacker to write to kernel memory | system call that could be used by an attacker to write to kernel memory | ||
under certain circumstances. | under certain circumstances. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="isakmpd"> | <li id="isakmpd"> | ||
|
|
||
<a href="http://man.openbsd.org/?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> | <a href="http://man.openbsd.org/?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> | ||
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. | have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="sem"> | <li id="sem"> | ||
|
|
||
<a href="http://man.openbsd.org/?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions | <a href="http://man.openbsd.org/?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions | ||
certain arguments. | certain arguments. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="uvm"> | <li id="uvm"> | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
It is possible for a local user to cause a crash via | It is possible for a local user to cause a crash via | ||
<a href="http://man.openbsd.org/?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> | <a href="http://man.openbsd.org/?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="ibcs2"> | <li id="ibcs2"> | ||
|
|
||
It is possible for a local user to execute arbitrary code resulting in escalation of | It is possible for a local user to execute arbitrary code resulting in escalation of | ||
privileges due to a stack overrun in | privileges due to a stack overrun in | ||
<a href="http://man.openbsd.org/?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> | <a href="http://man.openbsd.org/?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="exec"> | <li id="exec"> | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. | It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="httpd"> | <li id="httpd"> | ||
|
|
||
or potentially run arbitrary code as the user <tt>www</tt> (although it | or potentially run arbitrary code as the user <tt>www</tt> (although it | ||
is believed that ProPolice will prevent code execution). | is believed that ProPolice will prevent code execution). | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="arp"> | <li id="arp"> | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
It is possible for a local user to cause a system panic by flooding it with spoofed ARP | It is possible for a local user to cause a system panic by flooding it with spoofed ARP | ||
requests.<br> | requests.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="asn1"> | <li id="asn1"> | ||
|
|
||
attacker to mount a denial of service attack against applications linked with | attacker to mount a denial of service attack against applications linked with | ||
<a href="http://man.openbsd.org/?query=ssl&sektion=3">ssl(3)</a>. | <a href="http://man.openbsd.org/?query=ssl&sektion=3">ssl(3)</a>. | ||
This does not affect OpenSSH.<br> | This does not affect OpenSSH.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="pfnorm"> | <li id="pfnorm"> | ||
|
|
||
Three cases of potential access to freed memory have been found in | Three cases of potential access to freed memory have been found in | ||
<a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>. | <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>. | ||
At least one of them could be used to panic pf with active scrub rules remotely.<br> | At least one of them could be used to panic pf with active scrub rules remotely.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="sendmail"> | <li id="sendmail"> | ||
|
|
||
A buffer overflow in the address parsing in | A buffer overflow in the address parsing in | ||
<a href="http://man.openbsd.org/?query=sendmail&sektion=8">sendmail(8)</a> | <a href="http://man.openbsd.org/?query=sendmail&sektion=8">sendmail(8)</a> | ||
may allow an attacker to gain root privileges.<br> | may allow an attacker to gain root privileges.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
NOTE: this is the <em>second</em> revision of the patch that fixes an additional | NOTE: this is the <em>second</em> revision of the patch that fixes an additional | ||
problem. | problem. | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. | All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. | ||
It is unclear whether or not this bug is exploitable.<br> | It is unclear whether or not this bug is exploitable.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
NOTE: this is the <em>second</em> revision of the patch that fixes an additional | NOTE: this is the <em>second</em> revision of the patch that fixes an additional | ||
problem. | problem. | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
Root may be able to reduce the security level by taking advantage of | Root may be able to reduce the security level by taking advantage of | ||
an integer overflow when the semaphore limits are made very large.<br> | an integer overflow when the semaphore limits are made very large.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="semget"> | <li id="semget"> | ||
|
|
||
An improper bounds check in the | An improper bounds check in the | ||
<a href="http://man.openbsd.org/?query=semget&sektion=2">semget(2)</a> | <a href="http://man.openbsd.org/?query=semget&sektion=2">semget(2)</a> | ||
system call can allow a local user to cause a kernel panic.<br> | system call can allow a local user to cause a kernel panic.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
<li id="realpath"> | <li id="realpath"> | ||
|
|
||
Since this same bug resulted in a root compromise in the wu-ftpd ftp server | Since this same bug resulted in a root compromise in the wu-ftpd ftp server | ||
it is possible that this bug may allow an attacker to gain escalated privileges | it is possible that this bug may allow an attacker to gain escalated privileges | ||
on OpenBSD.<br> | on OpenBSD.<br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||