| version 1.7, 2003/11/21 02:34:01 |
version 1.8, 2003/11/21 16:55:16 |
|
|
| <meta name="keywords" content="openbsd,cd,errata"> |
<meta name="keywords" content="openbsd,cd,errata"> |
| <meta name="distribution" content="global"> |
<meta name="distribution" content="global"> |
| <meta name="copyright" content="This document copyright 1997-2003 by OpenBSD."> |
<meta name="copyright" content="This document copyright 1997-2003 by OpenBSD."> |
| |
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
| </head> |
</head> |
| |
|
| <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
|
|
| consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>. |
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>. |
| <hr> |
<hr> |
| |
|
| <dl> |
<a name="all"></a> |
| <a name=all></a> |
<h3><font color="#e00000">All architectures</font></h3> |
| <li><h3><font color="#e00000">All architectures</font></h3> |
|
| <ul> |
<ul> |
| <a name=sem></a> |
<li><a name="sem"></a> |
| <li><font color="#009000"><strong>013: RELIABILITY FIX: November 20, 2003</strong></font><br> |
<font color="#009000"><strong>013: RELIABILITY FIX: November 20, 2003</strong></font><br> |
| An improper bounds check makes it possible for a local user to cause a crash |
An improper bounds check makes it possible for a local user to cause a crash |
| by passing the |
by passing the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semctl&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semctl(2)</a> and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semctl&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semctl(2)</a> and |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&apropos=0&sektion=2&manpath=OpenBSD+Current&arch=i386&format=html">semop(2)</a> functions |
| certain arguments. |
certain arguments. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=uvm></a> |
<li><a name="uvm"></a> |
| <li><font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font><br> |
<font color="#009000"><strong>012: RELIABILITY FIX: November 20, 2003</strong></font><br> |
| It is possible for a local user to cause a crash via |
It is possible for a local user to cause a crash via |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html">sysctl(3)</a> with certain arguments.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=exec></a> |
<li><a name="exec"></a> |
| <li><font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
<font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
| It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=httpd></a> |
<li><a name="httpd"></a> |
| <li><font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
<font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
| A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt> |
A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt> |
| file can crash |
file can crash |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=arp></a> |
<li><a name="arp"></a> |
| <li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
<font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
| It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
| requests.<br> |
requests.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=asn1></a> |
<li><a name="asn1"></a> |
| <li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
<font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
| The use of certain ASN.1 encodings or malformed public keys may allow an |
The use of certain ASN.1 encodings or malformed public keys may allow an |
| attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
|
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=pfnorm></a> |
<li><a name="pfnorm"></a> |
| <li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
<font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
| Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
| At least one of them could be used to panic pf with active scrub rules remotely.<br> |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=sendmail></a> |
<li><a name="sendmail"></a> |
| <li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
<font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
| A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
| may allow an attacker to gain root privileges.<br> |
may allow an attacker to gain root privileges.<br> |
|
|
| NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
| problem. |
problem. |
| <p> |
<p> |
| <a name=sshbuffer></a> |
<li><a name="sshbuffer"></a> |
| <li><font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br> |
<font color="#009000"><strong>004: SECURITY FIX: September 16, 2003</strong></font><br> |
| All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
| It is unclear whether or not this bug is exploitable.<br> |
It is unclear whether or not this bug is exploitable.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch">A |
|
|
| NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
| problem. |
problem. |
| <p> |
<p> |
| <a name=sysvsem></a> |
<li><a name="sysvsem"></a> |
| <li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
<font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
| Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
| an integer overflow when the semaphore limits are made very large.<br> |
an integer overflow when the semaphore limits are made very large.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
| A source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=semget></a> |
<li><a name="semget"></a> |
| <li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
<font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
| An improper bounds check in the |
An improper bounds check in the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
| system call can allow a local user to cause a kernel panic.<br> |
system call can allow a local user to cause a kernel panic.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
| A source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
| <a name=realpath></a> |
<a name="realpath"></a> |
| <p> |
<p> |
| <li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
<li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
| An off-by-one error exists in the C library function |
An off-by-one error exists in the C library function |
|
|
| <p> |
<p> |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=i386></a> |
<a name="i386"></a> |
| <li><h3><font color="#e00000">i386</font></h3> |
<h3><font color="#e00000">i386</font></h3> |
| <ul> |
<ul> |
| <a name=ibcs2></a> |
<li><a name="ibcs2"></a> |
| <li><font color="#009000"><strong>011: SECURITY FIX: November 17, 2003</strong></font><br> |
<font color="#009000"><strong>011: SECURITY FIX: November 17, 2003</strong></font><br> |
| It is possible for a local user to execute arbitrary code resulting in escalation of |
It is possible for a local user to execute arbitrary code resulting in escalation of |
| privileges due to a stack overrun in |
privileges due to a stack overrun in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apr |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
| opos=0&manpath=OpenBSD+Current&arch=i386">compat_ibcs2(8)</a>.<br> |
|
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
| A source code patch exists which remedies the problem</a>.<br> |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=alpha></a> |
<a name="alpha"></a> |
| <li><h3><font color="#e00000">alpha</font></h3> |
<h3><font color="#e00000">alpha</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=mac68k></a> |
<a name="mac68k"></a> |
| <li><h3><font color="#e00000">mac68k</font></h3> |
<h3><font color="#e00000">mac68k</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=sparc></a> |
<a name="sparc"></a> |
| <li><h3><font color="#e00000">sparc</font></h3> |
<h3><font color="#e00000">sparc</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=sparc64></a> |
<a name="sparc64"></a> |
| <li><h3><font color="#e00000">sparc64</font></h3> |
<h3><font color="#e00000">sparc64</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=hppa></a> |
<a name="hppa"></a> |
| <li><h3><font color="#e00000">hppa</font></h3> |
<h3><font color="#e00000">hppa</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=hp300></a> |
<a name="hp300"></a> |
| <li><h3><font color="#e00000">hp300</font></h3> |
<h3><font color="#e00000">hp300</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=mvme68k></a> |
<a name="mvme68k"></a> |
| <li><h3><font color="#e00000">mvme68k</font></h3> |
<h3><font color="#e00000">mvme68k</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=macppc></a> |
<a name="macppc"></a> |
| <li><h3><font color="#e00000">macppc</font></h3> |
<h3><font color="#e00000">macppc</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| <p> |
<p> |
| <a name=vax></a> |
<a name="vax"></a> |
| <li><h3><font color="#e00000">vax</font></h3> |
<h3><font color="#e00000">vax</font></h3> |
| <ul> |
<ul> |
| <li>No problems identified yet. |
<li>No problems identified yet. |
| </ul> |
</ul> |
| |
|
| </dl> |
|
| <br> |
<br> |
| |
|
| <hr> |
<hr> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www