OpenBSD 3.4 Errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.89 retrieving revision 1.90 diff -c -r1.89 -r1.90 *** www/errata34.html 2019/04/02 12:46:56 1.89 --- www/errata34.html 2019/05/27 22:55:19 1.90 *************** *** 1,23 **** ! ! ! OpenBSD 3.4 Errata - - !

! OpenBSD ! 3.4 Errata

--- 1,22 ---- ! ! ! ! OpenBSD 3.4 Errata !

! OpenBSD ! 3.4 Errata

*************** *** 85,91 ****

! 035: SECURITY FIX: December 13, 2004 All architectures
On systems running isakmpd(8) --- 84,90 ----
- ! 035: SECURITY FIX: December 13, 2004 All architectures
  On systems running isakmpd(8) *************** *** 98,104 **** A source code patch exists which remedies this problem.
- ! 034: RELIABILITY FIX: November 10, 2004 All architectures
  Due to a bug in lynx(1) --- 97,103 ---- A source code patch exists which remedies this problem.
- ! 034: RELIABILITY FIX: November 10, 2004 All architectures
  Due to a bug in lynx(1) *************** *** 112,118 **** A source code patch exists which remedies this problem.
- ! 033: RELIABILITY FIX: November 10, 2004 All architectures
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot --- 111,117 ---- A source code patch exists which remedies this problem.
- ! 033: RELIABILITY FIX: November 10, 2004 All architectures
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot *************** *** 122,128 **** A source code patch exists which remedies this problem.
- ! 032: RELIABILITY FIX: November 10, 2004 All architectures
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and --- 121,127 ---- A source code patch exists which remedies this problem.
- ! 032: RELIABILITY FIX: November 10, 2004 All architectures
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and *************** *** 132,138 **** A source code patch exists which remedies this problem.
- ! 031: SECURITY FIX: September 20, 2004 All architectures
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), --- 131,137 ---- A source code patch exists which remedies this problem.
- ! 031: SECURITY FIX: September 20, 2004 All architectures
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), *************** *** 144,150 **** A source code patch exists which remedies this problem.
- ! 030: SECURITY FIX: September 16, 2004 All architectures
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm --- 143,149 ---- A source code patch exists which remedies this problem.
- ! 030: SECURITY FIX: September 16, 2004 All architectures
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm *************** *** 158,164 **** A source code patch exists which remedies this problem.
- ! 029: SECURITY FIX: September 10, 2004 All architectures
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory --- 157,163 ---- A source code patch exists which remedies this problem.
- ! 029: SECURITY FIX: September 10, 2004 All architectures
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory *************** *** 171,177 ****
- ! 028: RELIABILITY FIX: August 26, 2004 All architectures
  As reported --- 170,176 ----
- ! 028: RELIABILITY FIX: August 26, 2004 All architectures
  As reported *************** *** 183,189 **** A source code patch exists which remedies this problem.
- ! 027: RELIABILITY FIX: August 25, 2004 All architectures
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP. --- 182,188 ---- A source code patch exists which remedies this problem.
- ! 027: RELIABILITY FIX: August 25, 2004 All architectures
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP. *************** *** 194,200 **** A source code patch exists which remedies this problem.
- ! 026: RELIABILITY FIX: Jul 25, 2004 All architectures
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially --- 193,199 ---- A source code patch exists which remedies this problem.
- ! 026: RELIABILITY FIX: Jul 25, 2004 All architectures
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially *************** *** 204,210 **** A source code patch exists which remedies this problem.
- ! 025: SECURITY FIX: June 12, 2004 All architectures
  Multiple vulnerabilities have been found in httpd(8) --- 203,209 ---- A source code patch exists which remedies this problem.
- ! 025: SECURITY FIX: June 12, 2004 All architectures
  Multiple vulnerabilities have been found in httpd(8) *************** *** 218,224 **** A source code patch exists which remedies this problem.
- ! 024: SECURITY FIX: June 10, 2004 All architectures
  As disclosed --- 217,223 ---- A source code patch exists which remedies this problem.
- ! 024: SECURITY FIX: June 10, 2004 All architectures
  As disclosed *************** *** 231,237 **** A source code patch exists which remedies this problem.
- ! 023: SECURITY FIX: June 9, 2004 All architectures
  Multiple remote vulnerabilities have been found in the cvs(1) --- 230,236 ---- A source code patch exists which remedies this problem.
- ! 023: SECURITY FIX: June 9, 2004 All architectures
  Multiple remote vulnerabilities have been found in the cvs(1) *************** *** 242,248 **** A source code patch exists which remedies this problem.
- ! 022: SECURITY FIX: May 30, 2004 All architectures
  A flaw in the Kerberos V kdc(8) --- 241,247 ---- A source code patch exists which remedies this problem.
- ! 022: SECURITY FIX: May 30, 2004 All architectures
  A flaw in the Kerberos V kdc(8) *************** *** 257,263 **** A source code patch exists which remedies this problem.
- ! 021: SECURITY FIX: May 20, 2004 All architectures
  A heap overflow in the cvs(1) --- 256,262 ---- A source code patch exists which remedies this problem.
- ! 021: SECURITY FIX: May 20, 2004 All architectures
  A heap overflow in the cvs(1) *************** *** 269,275 **** A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: May 13, 2004 All architectures
  Check for integer overflow in procfs. Use of procfs is not recommended.
  --- 268,274 ---- A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: May 13, 2004 All architectures
  Check for integer overflow in procfs. Use of procfs is not recommended.
  *************** *** 277,283 **** A source code patch exists which remedies this problem.
- ! 019: RELIABILITY FIX: May 6, 2004 All architectures
  Reply to in-window SYN with a rate-limited ACK.
  --- 276,282 ---- A source code patch exists which remedies this problem.
- ! 019: RELIABILITY FIX: May 6, 2004 All architectures
  Reply to in-window SYN with a rate-limited ACK.
  *************** *** 285,291 **** A source code patch exists which remedies this problem.
- ! 018: RELIABILITY FIX: May 5, 2004 All architectures
  Under load "recent model" gdt(4) --- 284,290 ---- A source code patch exists which remedies this problem.
- ! 018: RELIABILITY FIX: May 5, 2004 All architectures
  Under load "recent model" gdt(4) *************** *** 295,301 **** A source code patch exists which remedies this problem.
- ! 017: SECURITY FIX: May 5, 2004 All architectures
  Pathname validation problems have been found in cvs(1), --- 294,300 ---- A source code patch exists which remedies this problem.
- ! 017: SECURITY FIX: May 5, 2004 All architectures
  Pathname validation problems have been found in cvs(1), *************** *** 308,314 **** A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: March 17, 2004 All architectures
  A missing check for a NULL-pointer dereference has been found in ssl(3). --- 307,313 ---- A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: March 17, 2004 All architectures
  A missing check for a NULL-pointer dereference has been found in ssl(3). *************** *** 319,325 **** A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: March 17, 2004 All architectures
  Defects in the payload validation and processing functions of isakmpd(8) --- 318,324 ---- A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: March 17, 2004 All architectures
  Defects in the payload validation and processing functions of isakmpd(8) *************** *** 331,337 **** A source code patch exists which remedies this problem.
- ! 014: SECURITY FIX: March 13, 2004 All architectures
  Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s --- 330,336 ---- A source code patch exists which remedies this problem.
- ! 014: SECURITY FIX: March 13, 2004 All architectures
  Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s *************** *** 342,348 **** A source code patch exists which remedies this problem.
- ! 013: RELIABILITY FIX: March 8, 2004 All architectures
  OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could --- 341,347 ---- A source code patch exists which remedies this problem.
- ! 013: RELIABILITY FIX: March 8, 2004 All architectures
  OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could *************** *** 353,359 **** A source code patch exists which remedies this problem.
- ! 012: RELIABILITY FIX: February 14, 2004 All architectures
  Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be --- 352,358 ---- A source code patch exists which remedies this problem.
- ! 012: RELIABILITY FIX: February 14, 2004 All architectures
  Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be *************** *** 363,369 **** A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: February 8, 2004 All architectures
  An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 --- 362,368 ---- A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: February 8, 2004 All architectures
  An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 *************** *** 373,379 **** A source code patch exists which remedies this problem.
- ! 010: SECURITY FIX: February 5, 2004 All architectures
  A reference counting bug exists in the shmat(2) --- 372,378 ---- A source code patch exists which remedies this problem.
- ! 010: SECURITY FIX: February 5, 2004 All architectures
  A reference counting bug exists in the shmat(2) *************** *** 384,390 **** A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: January 13, 2004 All architectures
  Several message handling flaws in isakmpd(8) --- 383,389 ---- A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: January 13, 2004 All architectures
  Several message handling flaws in isakmpd(8) *************** *** 396,402 **** A source code patch exists which remedies this problem.
- ! 008: RELIABILITY FIX: November 20, 2003 All architectures
  An improper bounds check makes it possible for a local user to cause a crash by passing the --- 395,401 ---- A source code patch exists which remedies this problem.
- ! 008: RELIABILITY FIX: November 20, 2003 All architectures
  An improper bounds check makes it possible for a local user to cause a crash by passing the *************** *** 408,414 **** A source code patch exists which remedies this problem.
- ! 007: RELIABILITY FIX: November 20, 2003 All architectures
  It is possible for a local user to cause a crash via sysctl(3) with certain arguments. --- 407,413 ---- A source code patch exists which remedies this problem.
- ! 007: RELIABILITY FIX: November 20, 2003 All architectures
  It is possible for a local user to cause a crash via sysctl(3) with certain arguments. *************** *** 417,423 **** A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: November 17, 2003 i386 only
  It may be possible for a local user to overrun the stack in compat_ibcs2(8).
  --- 416,422 ---- A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: November 17, 2003 i386 only
  It may be possible for a local user to overrun the stack in compat_ibcs2(8).
  *************** *** 430,436 **** A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: November 4, 2003 All architectures
  It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
  --- 429,435 ---- A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: November 4, 2003 All architectures
  It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
  *************** *** 438,456 **** A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: November 1, 2003 All architectures
  ! A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) ! or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
  A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: November 1, 2003 All architectures
  It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
  --- 437,455 ---- A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: November 1, 2003 All architectures
  ! A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) ! or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
  A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: November 1, 2003 All architectures
  It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
  *************** *** 458,464 **** A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: November 1, 2003 All architectures
  The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with --- 457,463 ---- A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: November 1, 2003 All architectures
  The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with *************** *** 468,489 **** A source code patch exists which remedies this problem.
- ! 001: DOCUMENTATION FIX: November 1, 2003 All architectures
  The CD insert documentation has an incorrect example for package installation.
  Where it is written:
  ! ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386
  It should instead read:
  ! ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/
  ! The extra / at the end is important. We do not make patch files available for things printed on paper.
- - - --- 467,485 ---- A source code patch exists which remedies this problem.
! 001: DOCUMENTATION FIX: November 1, 2003 All architectures
The CD insert documentation has an incorrect example for package installation.
Where it is written:
! ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386
It should instead read:
! ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/
! The extra / at the end is important. We do not make patch files available for things printed on paper.