version 1.35, 2010/03/08 21:53:37 |
version 1.36, 2010/07/08 19:00:07 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
|
|
|
|
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a> |
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a> |
. |
. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a> |
timestamps. |
timestamps. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> |
. |
. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
stack can lead to memory exhaustion or processing of TCP segments with |
stack can lead to memory exhaustion or processing of TCP segments with |
invalid SACK options and cause a system crash. |
invalid SACK options and cause a system crash. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
retransmit timeout. By sending packets with specific values in the TCP |
retransmit timeout. By sending packets with specific values in the TCP |
timestamp option, an attacker can cause a system panic. |
timestamp option, an attacker can cause a system panic. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
This would require enabling the XBitHack directive or server-side |
This would require enabling the XBitHack directive or server-side |
includes and making use of a malicious document. |
includes and making use of a malicious document. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
library function contains a memory management error, which causes failure |
library function contains a memory management error, which causes failure |
to retrieve the current working directory if the path is very long. |
to retrieve the current working directory if the path is very long. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
|
|
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a> |
credentials on a socket. |
credentials on a socket. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="lynx"></a> |
<li><a name="lynx"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a> |
to exhaust memory and then crash when parsing such pages. |
to exhaust memory and then crash when parsing such pages. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="pppd"></a> |
<li><a name="pppd"></a> |
|
|
contains a bug that allows an attacker to crash his own connection, but it cannot |
contains a bug that allows an attacker to crash his own connection, but it cannot |
be used to deny service to other users. |
be used to deny service to other users. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="bind"></a> |
<li><a name="bind"></a> |
|
|
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and |
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and |
thus slow DNS queries. |
thus slow DNS queries. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="radius"></a> |
<li><a name="radius"></a> |
|
|
This could allow an attacker to spoof a reply granting access to the |
This could allow an attacker to spoof a reply granting access to the |
attacker. Note that OpenBSD does not ship with radius authentication enabled. |
attacker. Note that OpenBSD does not ship with radius authentication enabled. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="xpm"></a> |
<li><a name="xpm"></a> |
|
|
Some of these would be exploitable when parsing malicious image files in |
Some of these would be exploitable when parsing malicious image files in |
an application that handles XPM images, if they could escape ProPolice. |
an application that handles XPM images, if they could escape ProPolice. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="httpd2"></a> |
<li><a name="httpd2"></a> |
|
|
This would require enabling dbm for mod_rewrite and making use of a malicious |
This would require enabling dbm for mod_rewrite and making use of a malicious |
dbm file. |
dbm file. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="libz"></a> |
<li><a name="libz"></a> |
|
|
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a> |
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a> |
. |
. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="bridge"></a> |
<li><a name="bridge"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a> |
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge. |
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="icmp"></a> |
<li><a name="icmp"></a> |
|
|
<br> |
<br> |
<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a> |
<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a> |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="rnd"></a> |
<li><a name="rnd"></a> |
|
|
encountered in an environment using CARP on a VLAN interface. This issue initially |
encountered in an environment using CARP on a VLAN interface. This issue initially |
manifested itself as a FPU related crash on boot up. |
manifested itself as a FPU related crash on boot up. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="httpd"></a> |
<li><a name="httpd"></a> |
|
|
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>, |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>, |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="isakmpd"></a> |
<li><a name="isakmpd"></a> |
|
|
is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec |
is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec |
tunnels at will. |
tunnels at will. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="cvs3"></a> |
<li><a name="cvs3"></a> |
|
|
server that allow an attacker to crash the server or possibly execute arbitrary |
server that allow an attacker to crash the server or possibly execute arbitrary |
code with the same privileges as the CVS server program. |
code with the same privileges as the CVS server program. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="fifofs"></a> |
<li><a name="fifofs"></a> |
|
|
One program affected by this is the <a href="http://www.qmail.org/">qmail</a> |
One program affected by this is the <a href="http://www.qmail.org/">qmail</a> |
mail server which could go into an infinite loop and consume all CPU. |
mail server which could go into an infinite loop and consume all CPU. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="kerberos"></a> |
<li><a name="kerberos"></a> |
|
|
Heimdal's announcement</a>. |
Heimdal's announcement</a>. |
<br> |
<br> |
<a |
<a |
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch"> |
href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="xdm"></a> |
<li><a name="xdm"></a> |
|
|
bugzilla</a> for details. |
bugzilla</a> for details. |
<br> |
<br> |
<a |
<a |
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch"> |
href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="cvs2"></a> |
<li><a name="cvs2"></a> |
|
|
malformed requests, enabling these clients to run arbitrary code |
malformed requests, enabling these clients to run arbitrary code |
with the same privileges as the CVS server program. |
with the same privileges as the CVS server program. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="procfs"></a> |
<li><a name="procfs"></a> |
|
|
2004</strong></font><br> |
2004</strong></font><br> |
Check for integer overflow in procfs. Use of procfs is not recommended. |
Check for integer overflow in procfs. Use of procfs is not recommended. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="tcp"></a> |
<li><a name="tcp"></a> |
|
|
2004</strong></font><br> |
2004</strong></font><br> |
Reply to in-window SYN with a rate-limited ACK. |
Reply to in-window SYN with a rate-limited ACK. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="scsi"></a> |
<li><a name="scsi"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a> |
). |
). |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="gdt"></a> |
<li><a name="gdt"></a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a> |
controllers will lock up. |
controllers will lock up. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
<li><a name="cvs"></a> |
<li><a name="cvs"></a> |
|
|
the client and allowing clients to check out files outside the CVS |
the client and allowing clients to check out files outside the CVS |
repository. |
repository. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
</ul> |
</ul> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
functions to prevent their misuse. |
functions to prevent their misuse. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
</ul> |
</ul> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
functions to prevent their misuse. |
functions to prevent their misuse. |
<br> |
<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch"> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch"> |
A source code patch exists which remedies this problem</a>.<br> |
A source code patch exists which remedies this problem</a>.<br> |
<p> |
<p> |
</ul> |
</ul> |