version 1.39, 2010/03/08 21:53:37 |
version 1.40, 2010/07/08 19:00:07 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
|
|
|
|
the client and allowing clients to check out files outside the CVS |
the client and allowing clients to check out files outside the CVS |
repository. |
repository. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="openssl"></a> |
<li><a name="openssl"></a> |
|
|
A remote attacker can use the bug to cause an OpenSSL application to crash; |
A remote attacker can use the bug to cause an OpenSSL application to crash; |
this may lead to a denial of service. |
this may lead to a denial of service. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="isakmpd2"></a> |
<li><a name="isakmpd2"></a> |
|
|
cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
and removes some memory leaks. |
and removes some memory leaks. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="httpd2"></a> |
<li><a name="httpd2"></a> |
|
|
access module, using IP addresses without a netmask on big endian 64-bit |
access module, using IP addresses without a netmask on big endian 64-bit |
platforms causes the rules to fail to match. This only affects sparc64. |
platforms causes the rules to fail to match. This only affects sparc64. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="tcp"></a> |
<li><a name="tcp"></a> |
|
|
send out-of-order TCP segments and trick the system into using all |
send out-of-order TCP segments and trick the system into using all |
available memory buffers. |
available memory buffers. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="font"></a> |
<li><a name="font"></a> |
|
|
font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
exploited to gain privileges, but they can cause the X server to abort. |
exploited to gain privileges, but they can cause the X server to abort. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="ip6"></a> |
<li><a name="ip6"></a> |
|
|
to cause a denial of service attack against hosts with reachable IPv6 |
to cause a denial of service attack against hosts with reachable IPv6 |
TCP ports. |
TCP ports. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="sysvshm"></a> |
<li><a name="sysvshm"></a> |
|
|
system call that could be used by an attacker to write to kernel memory |
system call that could be used by an attacker to write to kernel memory |
under certain circumstances. |
under certain circumstances. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="isakmpd"></a> |
<li><a name="isakmpd"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
A source code patch exists which remedies these problems</a>.<br> |
A source code patch exists which remedies these problems</a>.<br> |
<p> |
<p> |
<li><a name="sem"></a> |
<li><a name="sem"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
certain arguments. |
certain arguments. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="uvm"></a> |
<li><a name="uvm"></a> |
<font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font><br> |
<font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font><br> |
It is possible for a local user to cause a crash via |
It is possible for a local user to cause a crash via |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="exec"></a> |
<li><a name="exec"></a> |
<font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
<font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="httpd"></a> |
<li><a name="httpd"></a> |
|
|
or potentially run arbitrary code as the user <tt>www</tt> (although it |
or potentially run arbitrary code as the user <tt>www</tt> (although it |
is believed that ProPolice will prevent code execution). |
is believed that ProPolice will prevent code execution). |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="arp"></a> |
<li><a name="arp"></a> |
<font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
<font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
requests.<br> |
requests.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="asn1"></a> |
<li><a name="asn1"></a> |
|
|
attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
This does not affect OpenSSH.<br> |
This does not affect OpenSSH.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="pfnorm"></a> |
<li><a name="pfnorm"></a> |
|
|
Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
<li><a name="sendmail"></a> |
<li><a name="sendmail"></a> |
|
|
A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
may allow an attacker to gain root privileges.<br> |
may allow an attacker to gain root privileges.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
problem. |
problem. |
|
|
<font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br> |
<font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br> |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
It is unclear whether or not this bug is exploitable.<br> |
It is unclear whether or not this bug is exploitable.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A |
source code patch exists which remedies the problem</a>.<br> |
source code patch exists which remedies the problem</a>.<br> |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
problem. |
problem. |
|
|
<font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
<font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
an integer overflow when the semaphore limits are made very large.<br> |
an integer overflow when the semaphore limits are made very large.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
A source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
<li><a name="semget"></a> |
<li><a name="semget"></a> |
|
|
An improper bounds check in the |
An improper bounds check in the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
system call can allow a local user to cause a kernel panic.<br> |
system call can allow a local user to cause a kernel panic.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
A source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
<li><a name="realpath"></a> |
<li><a name="realpath"></a> |
|
|
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
it is possible that this bug may allow an attacker to gain escalated privileges |
it is possible that this bug may allow an attacker to gain escalated privileges |
on OpenBSD.<br> |
on OpenBSD.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
A source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
</ul> |
</ul> |
|
|
It is possible for a local user to execute arbitrary code resulting in escalation of |
It is possible for a local user to execute arbitrary code resulting in escalation of |
privileges due to a stack overrun in |
privileges due to a stack overrun in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
<p> |
<p> |
</ul> |
</ul> |