[BACK]Return to errata33.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/errata33.html between version 1.71 and 1.72

version 1.71, 2016/08/15 02:22:06 version 1.72, 2016/10/16 19:11:29
Line 70 
Line 70 
 <br>  <br>
 <hr>  <hr>
   
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz">
 You can also fetch a tar.gz file containing all the following patches</a>.  You can also fetch a tar.gz file containing all the following patches</a>.
 This file is updated once a day.  This file is updated once a day.
 <p>  <p>
Line 96 
Line 96 
 the client and allowing clients to check out files outside the CVS  the client and allowing clients to check out files outside the CVS
 repository.  repository.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="openssl">  <li id="openssl">
Line 107 
Line 107 
 A remote attacker can use the bug to cause an OpenSSL application to crash;  A remote attacker can use the bug to cause an OpenSSL application to crash;
 this may lead to a denial of service.  this may lead to a denial of service.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="isakmpd2">  <li id="isakmpd2">
Line 119 
Line 119 
 cause isakmpd to crash or to loop endlessly.  This patch fixes these problems  cause isakmpd to crash or to loop endlessly.  This patch fixes these problems
 and removes some memory leaks.  and removes some memory leaks.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="httpd2">  <li id="httpd2">
Line 130 
Line 130 
 access module, using IP addresses without a netmask on big endian 64-bit  access module, using IP addresses without a netmask on big endian 64-bit
 platforms causes the rules to fail to match. This only affects sparc64.  platforms causes the rules to fail to match. This only affects sparc64.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="tcp">  <li id="tcp">
Line 141 
Line 141 
 send out-of-order TCP segments and trick the system into using all  send out-of-order TCP segments and trick the system into using all
 available memory buffers.  available memory buffers.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="font">  <li id="font">
Line 151 
Line 151 
 font.aliases files in XFree86. Thanks to ProPolice, these cannot be  font.aliases files in XFree86. Thanks to ProPolice, these cannot be
 exploited to gain privileges, but they can cause the X server to abort.  exploited to gain privileges, but they can cause the X server to abort.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="ip6">  <li id="ip6">
Line 161 
Line 161 
 to cause a denial of service attack against hosts with reachable IPv6  to cause a denial of service attack against hosts with reachable IPv6
 TCP ports.  TCP ports.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="sysvshm">  <li id="sysvshm">
Line 172 
Line 172 
 system call that could be used by an attacker to write to kernel memory  system call that could be used by an attacker to write to kernel memory
 under certain circumstances.  under certain circumstances.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="isakmpd">  <li id="isakmpd">
Line 182 
Line 182 
 <a href="http://man.openbsd.org/?query=isakmpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">isakmpd(8)</a>  <a href="http://man.openbsd.org/?query=isakmpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">isakmpd(8)</a>
 have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.  have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="sem">  <li id="sem">
Line 194 
Line 194 
 <a href="http://man.openbsd.org/?query=semop&amp;apropos=0&amp;sektion=2&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">semop(2)</a> functions  <a href="http://man.openbsd.org/?query=semop&amp;apropos=0&amp;sektion=2&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">semop(2)</a> functions
 certain arguments.  certain arguments.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="uvm">  <li id="uvm">
Line 202 
Line 202 
 &nbsp; <i>All architectures</i><br>  &nbsp; <i>All architectures</i><br>
 It is possible for a local user to cause a crash via  It is possible for a local user to cause a crash via
 <a href="http://man.openbsd.org/?query=sysctl&amp;apropos=0&amp;sektion=3&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">sysctl(3)</a> with certain arguments.<br>  <a href="http://man.openbsd.org/?query=sysctl&amp;apropos=0&amp;sektion=3&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">sysctl(3)</a> with certain arguments.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="ibcs2">  <li id="ibcs2">
Line 212 
Line 212 
 It is possible for a local user to execute arbitrary code resulting in escalation of  It is possible for a local user to execute arbitrary code resulting in escalation of
 privileges due to a stack overrun in  privileges due to a stack overrun in
 <a href="http://man.openbsd.org/?query=compat_ibcs2&amp;sektion=8&amp;apropos=0&amp;manpath=OpenBSD+Current&amp;arch=i386">compat_ibcs2(8)</a>.<br>  <a href="http://man.openbsd.org/?query=compat_ibcs2&amp;sektion=8&amp;apropos=0&amp;manpath=OpenBSD+Current&amp;arch=i386">compat_ibcs2(8)</a>.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="exec">  <li id="exec">
Line 220 
Line 220 
 &nbsp; <i>All architectures</i><br>  &nbsp; <i>All architectures</i><br>
 It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.  It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="httpd">  <li id="httpd">
Line 232 
Line 232 
 or potentially run arbitrary code as the user <tt>www</tt> (although it  or potentially run arbitrary code as the user <tt>www</tt> (although it
 is believed that ProPolice will prevent code execution).  is believed that ProPolice will prevent code execution).
 <br>  <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="arp">  <li id="arp">
Line 240 
Line 240 
 &nbsp; <i>All architectures</i><br>  &nbsp; <i>All architectures</i><br>
 It is possible for a local user to cause a system panic by flooding it with spoofed ARP  It is possible for a local user to cause a system panic by flooding it with spoofed ARP
 requests.<br>  requests.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="asn1">  <li id="asn1">
Line 250 
Line 250 
 attacker to mount a denial of service attack against applications linked with  attacker to mount a denial of service attack against applications linked with
 <a href="http://man.openbsd.org/?query=ssl&amp;sektion=3">ssl(3)</a>.  <a href="http://man.openbsd.org/?query=ssl&amp;sektion=3">ssl(3)</a>.
 This does not affect OpenSSH.<br>  This does not affect OpenSSH.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="pfnorm">  <li id="pfnorm">
Line 259 
Line 259 
 Three cases of potential access to freed memory have been found in  Three cases of potential access to freed memory have been found in
 <a href="http://man.openbsd.org/?query=pf&amp;sektion=4">pf(4)</a>.  <a href="http://man.openbsd.org/?query=pf&amp;sektion=4">pf(4)</a>.
 At least one of them could be used to panic pf with active scrub rules remotely.<br>  At least one of them could be used to panic pf with active scrub rules remotely.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="sendmail">  <li id="sendmail">
Line 268 
Line 268 
 A buffer overflow in the address parsing in  A buffer overflow in the address parsing in
 <a href="http://man.openbsd.org/?query=sendmail&amp;sektion=8">sendmail(8)</a>  <a href="http://man.openbsd.org/?query=sendmail&amp;sektion=8">sendmail(8)</a>
 may allow an attacker to gain root privileges.<br>  may allow an attacker to gain root privileges.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 NOTE: this is the <em>second</em> revision of the patch that fixes an additional  NOTE: this is the <em>second</em> revision of the patch that fixes an additional
 problem.  problem.
Line 278 
Line 278 
 &nbsp; <i>All architectures</i><br>  &nbsp; <i>All architectures</i><br>
 All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.  All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
 It is unclear whether or not this bug is exploitable.<br>  It is unclear whether or not this bug is exploitable.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 NOTE: this is the <em>second</em> revision of the patch that fixes an additional  NOTE: this is the <em>second</em> revision of the patch that fixes an additional
 problem.  problem.
Line 288 
Line 288 
 &nbsp; <i>All architectures</i><br>  &nbsp; <i>All architectures</i><br>
 Root may be able to reduce the security level by taking advantage of  Root may be able to reduce the security level by taking advantage of
 an integer overflow when the semaphore limits are made very large.<br>  an integer overflow when the semaphore limits are made very large.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="semget">  <li id="semget">
Line 297 
Line 297 
 An improper bounds check in the  An improper bounds check in the
 <a href="http://man.openbsd.org/?query=semget&amp;sektion=2">semget(2)</a>  <a href="http://man.openbsd.org/?query=semget&amp;sektion=2">semget(2)</a>
 system call can allow a local user to cause a kernel panic.<br>  system call can allow a local user to cause a kernel panic.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
 <li id="realpath">  <li id="realpath">
Line 308 
Line 308 
 Since this same bug resulted in a root compromise in the wu-ftpd ftp server  Since this same bug resulted in a root compromise in the wu-ftpd ftp server
 it is possible that this bug may allow an attacker to gain escalated privileges  it is possible that this bug may allow an attacker to gain escalated privileges
 on OpenBSD.<br>  on OpenBSD.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">
 A source code patch exists which remedies this problem.</a>  A source code patch exists which remedies this problem.</a>
 <p>  <p>
   
Legend:
Removed from v.1.71  
changed lines
  Added in v.1.72