version 1.67, 2016/08/15 02:22:06 |
version 1.68, 2016/10/16 19:11:29 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
<p> |
<p> |
|
|
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a> |
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a> |
. |
. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=tcp&sektion=4">tcp(4)</a> |
<a href="http://man.openbsd.org/?query=tcp&sektion=4">tcp(4)</a> |
timestamps. |
timestamps. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> |
<a href="http://man.openbsd.org/?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> |
. |
. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
stack can lead to memory exhaustion or processing of TCP segments with |
stack can lead to memory exhaustion or processing of TCP segments with |
invalid SACK options and cause a system crash. |
invalid SACK options and cause a system crash. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
functions to prevent their misuse. |
functions to prevent their misuse. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a> |
functions to prevent their misuse. |
functions to prevent their misuse. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
retransmit timeout. By sending packets with specific values in the TCP |
retransmit timeout. By sending packets with specific values in the TCP |
timestamp option, an attacker can cause a system panic. |
timestamp option, an attacker can cause a system panic. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
This would require enabling the XBitHack directive or server-side |
This would require enabling the XBitHack directive or server-side |
includes and making use of a malicious document. |
includes and making use of a malicious document. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
library function contains a memory management error, which causes failure |
library function contains a memory management error, which causes failure |
to retrieve the current working directory if the path is very long. |
to retrieve the current working directory if the path is very long. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a> |
<a href="http://man.openbsd.org/?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a> |
credentials on a socket. |
credentials on a socket. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="lynx"> |
<li id="lynx"> |
|
|
<a href="http://man.openbsd.org/?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a> |
<a href="http://man.openbsd.org/?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a> |
to exhaust memory and then crash when parsing such pages. |
to exhaust memory and then crash when parsing such pages. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="pppd"> |
<li id="pppd"> |
|
|
contains a bug that allows an attacker to crash his own connection, but it cannot |
contains a bug that allows an attacker to crash his own connection, but it cannot |
be used to deny service to other users. |
be used to deny service to other users. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="bind"> |
<li id="bind"> |
|
|
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and |
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and |
thus slow DNS queries. |
thus slow DNS queries. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="radius"> |
<li id="radius"> |
|
|
This could allow an attacker to spoof a reply granting access to the |
This could allow an attacker to spoof a reply granting access to the |
attacker. Note that OpenBSD does not ship with radius authentication enabled. |
attacker. Note that OpenBSD does not ship with radius authentication enabled. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="xpm"> |
<li id="xpm"> |
|
|
Some of these would be exploitable when parsing malicious image files in |
Some of these would be exploitable when parsing malicious image files in |
an application that handles XPM images, if they could escape ProPolice. |
an application that handles XPM images, if they could escape ProPolice. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="httpd2"> |
<li id="httpd2"> |
|
|
This would require enabling dbm for mod_rewrite and making use of a malicious |
This would require enabling dbm for mod_rewrite and making use of a malicious |
dbm file. |
dbm file. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="libz"> |
<li id="libz"> |
|
|
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a> |
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a> |
. |
. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="bridge"> |
<li id="bridge"> |
|
|
<a href="http://man.openbsd.org/?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a> |
<a href="http://man.openbsd.org/?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a> |
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge. |
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="icmp"> |
<li id="icmp"> |
|
|
<br> |
<br> |
<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a> |
<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a> |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="rnd"> |
<li id="rnd"> |
|
|
encountered in an environment using CARP on a VLAN interface. This issue initially |
encountered in an environment using CARP on a VLAN interface. This issue initially |
manifested itself as a FPU related crash on boot up. |
manifested itself as a FPU related crash on boot up. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="httpd"> |
<li id="httpd"> |
|
|
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>, |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>, |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="isakmpd"> |
<li id="isakmpd"> |
|
|
is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec |
is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec |
tunnels at will. |
tunnels at will. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="cvs3"> |
<li id="cvs3"> |
|
|
server that allow an attacker to crash the server or possibly execute arbitrary |
server that allow an attacker to crash the server or possibly execute arbitrary |
code with the same privileges as the CVS server program. |
code with the same privileges as the CVS server program. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="fifofs"> |
<li id="fifofs"> |
|
|
One program affected by this is the <a href="http://www.qmail.org/">qmail</a> |
One program affected by this is the <a href="http://www.qmail.org/">qmail</a> |
mail server which could go into an infinite loop and consume all CPU. |
mail server which could go into an infinite loop and consume all CPU. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="kerberos"> |
<li id="kerberos"> |
|
|
more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> |
more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> |
Heimdal's announcement</a>. |
Heimdal's announcement</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="xdm"> |
<li id="xdm"> |
|
|
<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86 |
<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86 |
bugzilla</a> for details. |
bugzilla</a> for details. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="cvs2"> |
<li id="cvs2"> |
|
|
malformed requests, enabling these clients to run arbitrary code |
malformed requests, enabling these clients to run arbitrary code |
with the same privileges as the CVS server program. |
with the same privileges as the CVS server program. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="procfs"> |
<li id="procfs"> |
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Check for integer overflow in procfs. Use of procfs is not recommended. |
Check for integer overflow in procfs. Use of procfs is not recommended. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="tcp"> |
<li id="tcp"> |
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Reply to in-window SYN with a rate-limited ACK. |
Reply to in-window SYN with a rate-limited ACK. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="scsi"> |
<li id="scsi"> |
|
|
<a href="http://man.openbsd.org/?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a> |
<a href="http://man.openbsd.org/?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a> |
). |
). |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="gdt"> |
<li id="gdt"> |
|
|
<a href="http://man.openbsd.org/?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a> |
<a href="http://man.openbsd.org/?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a> |
controllers will lock up. |
controllers will lock up. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="cvs"> |
<li id="cvs"> |
|
|
the client and allowing clients to check out files outside the CVS |
the client and allowing clients to check out files outside the CVS |
repository. |
repository. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="autobook_package"> |
<li id="autobook_package"> |