version 1.80, 2019/04/02 12:46:56 |
version 1.81, 2019/05/27 22:55:19 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=errata> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 3.3 Errata</title> |
<title>OpenBSD 3.3 Errata</title> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/errata33.html"> |
<link rel="canonical" href="https://www.openbsd.org/errata33.html"> |
</head> |
|
|
|
<!-- |
<!-- |
IMPORTANT REMINDER |
IMPORTANT REMINDER |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
--> |
--> |
|
|
<body bgcolor="#ffffff" text="#000000" link="#23238E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">3.3 Errata</font> |
3.3 Errata |
</h2> |
</h2> |
<hr> |
<hr> |
|
|
|
|
|
|
<ul> |
<ul> |
<li id="cvs"> |
<li id="cvs"> |
<font color="#009000"><strong>022: SECURITY FIX: May 5, 2004</strong></font> |
<strong>022: SECURITY FIX: May 5, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Pathname validation problems have been found in |
Pathname validation problems have been found in |
<a href="https://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>, |
<a href="https://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>, |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="openssl"> |
<li id="openssl"> |
<font color="#009000"><strong>021: RELIABILITY FIX: March 17, 2004</strong></font> |
<strong>021: RELIABILITY FIX: March 17, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A missing check for a NULL-pointer dereference has been found in |
A missing check for a NULL-pointer dereference has been found in |
<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="isakmpd2"> |
<li id="isakmpd2"> |
<font color="#009000"><strong>020: RELIABILITY FIX: March 17, 2004</strong></font> |
<strong>020: RELIABILITY FIX: March 17, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Defects in the payload validation and processing functions of |
Defects in the payload validation and processing functions of |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="httpd2"> |
<li id="httpd2"> |
<font color="#009000"><strong>019: SECURITY FIX: March 13, 2004</strong></font> |
<strong>019: SECURITY FIX: March 13, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Due to a bug in the parsing of Allow/Deny rules for |
Due to a bug in the parsing of Allow/Deny rules for |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="tcp"> |
<li id="tcp"> |
<font color="#009000"><strong>018: RELIABILITY FIX: March 8, 2004</strong></font> |
<strong>018: RELIABILITY FIX: March 8, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order |
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order |
TCP segments are queued in the system. An attacker could |
TCP segments are queued in the system. An attacker could |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="font"> |
<li id="font"> |
<font color="#009000"><strong>017: RELIABILITY FIX: February 14, 2004</strong></font> |
<strong>017: RELIABILITY FIX: February 14, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Several buffer overflows exist in the code parsing |
Several buffer overflows exist in the code parsing |
font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="ip6"> |
<li id="ip6"> |
<font color="#009000"><strong>016: SECURITY FIX: February 8, 2004</strong></font> |
<strong>016: SECURITY FIX: February 8, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An IPv6 MTU handling problem exists that could be used by an attacker |
An IPv6 MTU handling problem exists that could be used by an attacker |
to cause a denial of service attack against hosts with reachable IPv6 |
to cause a denial of service attack against hosts with reachable IPv6 |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="sysvshm"> |
<li id="sysvshm"> |
<font color="#009000"><strong>015: SECURITY FIX: February 5, 2004</strong></font> |
<strong>015: SECURITY FIX: February 5, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A reference counting bug exists in the |
A reference counting bug exists in the |
<a href="https://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="isakmpd"> |
<li id="isakmpd"> |
<font color="#009000"><strong>014: SECURITY FIX: January 15, 2004</strong></font> |
<strong>014: SECURITY FIX: January 15, 2004</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Several message handling flaws in |
Several message handling flaws in |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="sem"> |
<li id="sem"> |
<font color="#009000"><strong>013: RELIABILITY FIX: November 20, 2003</strong></font> |
<strong>013: RELIABILITY FIX: November 20, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An improper bounds check makes it possible for a local user to cause a crash |
An improper bounds check makes it possible for a local user to cause a crash |
by passing the |
by passing the |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="uvm"> |
<li id="uvm"> |
<font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font> |
<strong>012: RELIABILITY FIX: November 20, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
It is possible for a local user to cause a crash via |
It is possible for a local user to cause a crash via |
<a href="https://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.<br> |
<a href="https://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="ibcs2"> |
<li id="ibcs2"> |
<a name="i386"></a> |
<strong>011: SECURITY FIX: November 17, 2003</strong> |
<font color="#009000"><strong>011: SECURITY FIX: November 17, 2003</strong></font> |
|
<i>i386 only</i><br> |
<i>i386 only</i><br> |
It is possible for a local user to execute arbitrary code resulting in escalation of |
It is possible for a local user to execute arbitrary code resulting in escalation of |
privileges due to a stack overrun in |
privileges due to a stack overrun in |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="exec"> |
<li id="exec"> |
<font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font> |
<strong>010: RELIABILITY FIX: November 4, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
<br> |
<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="httpd"> |
<li id="httpd"> |
<font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font> |
<strong>009: RELIABILITY FIX: October 29, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt> |
A user with write permission to <code>httpd.conf</code> or a <code>.htaccess</code> |
file can crash |
file can crash |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a> |
or potentially run arbitrary code as the user <tt>www</tt> (although it |
or potentially run arbitrary code as the user <code>www</code> (although it |
is believed that ProPolice will prevent code execution). |
is believed that ProPolice will prevent code execution). |
<br> |
<br> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="arp"> |
<li id="arp"> |
<font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font> |
<strong>008: RELIABILITY FIX: October 1, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
requests.<br> |
requests.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="asn1"> |
<li id="asn1"> |
<font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font> |
<strong>007: SECURITY FIX: October 1, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The use of certain ASN.1 encodings or malformed public keys may allow an |
The use of certain ASN.1 encodings or malformed public keys may allow an |
attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="pfnorm"> |
<li id="pfnorm"> |
<font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font> |
<strong>006: SECURITY FIX: September 24, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
<a href="https://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>. |
<a href="https://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="sendmail"> |
<li id="sendmail"> |
<font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font> |
<strong>005: SECURITY FIX: September 17, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
<a href="https://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a> |
|
|
problem. |
problem. |
<p> |
<p> |
<li id="sshbuffer"> |
<li id="sshbuffer"> |
<font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font> |
<strong>004: SECURITY FIX: September 16, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
It is unclear whether or not this bug is exploitable.<br> |
It is unclear whether or not this bug is exploitable.<br> |
|
|
problem. |
problem. |
<p> |
<p> |
<li id="sysvsem"> |
<li id="sysvsem"> |
<font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font> |
<strong>003: SECURITY FIX: September 10, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
an integer overflow when the semaphore limits are made very large.<br> |
an integer overflow when the semaphore limits are made very large.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="semget"> |
<li id="semget"> |
<font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font> |
<strong>002: RELIABILITY FIX: August 20, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An improper bounds check in the |
An improper bounds check in the |
<a href="https://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="realpath"> |
<li id="realpath"> |
<font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font> |
<strong>001: SECURITY FIX: August 4, 2003</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An off-by-one error exists in the C library function |
An off-by-one error exists in the C library function |
<a href="https://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>. |
<a href="https://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>. |
|
|
</ul> |
</ul> |
|
|
<hr> |
<hr> |
|
|
</body> |
|
</html> |
|