www/errata35.html - diff - 1.68

Return to errata35.html CVS log

Up to [local] / www

Diff for /www/errata35.html between version 1.67 and 1.68

version 1.67, 2016/08/15 02:22:06

version 1.68, 2016/10/16 19:11:29

Line 70

Line 70

<br>

<br>

<hr>

<hr>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz">

You can also fetch a tar.gz file containing all the following patches</a>.

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

This file is updated once a day.

<p>

<p>

Line 95

Line 95

<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a>

<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a>

.

.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 106

Line 106

<a href="http://man.openbsd.org/?query=tcp&sektion=4">tcp(4)</a>

<a href="http://man.openbsd.org/?query=tcp&sektion=4">tcp(4)</a>

timestamps.

timestamps.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/032_tcp2.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 120

Line 120

<a href="http://man.openbsd.org/?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a>

<a href="http://man.openbsd.org/?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a>

.

.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/031_telnet.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 132

Line 132

stack can lead to memory exhaustion or processing of TCP segments with

stack can lead to memory exhaustion or processing of TCP segments with

invalid SACK options and cause a system crash.

invalid SACK options and cause a system crash.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 143

Line 143

<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a>

<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a>

functions to prevent their misuse.

functions to prevent their misuse.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/amd64/029_copy.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 154

Line 154

<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a>

<a href="http://man.openbsd.org/?query=copy&apropos=0&sektion=9&manpath=OpenBSD+Current&arch=i386&format=html">copy(9)</a>

functions to prevent their misuse.

functions to prevent their misuse.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/i386/028_locore.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 167

Line 167

retransmit timeout. By sending packets with specific values in the TCP

retransmit timeout. By sending packets with specific values in the TCP

timestamp option, an attacker can cause a system panic.

timestamp option, an attacker can cause a system panic.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 182

Line 182

This would require enabling the XBitHack directive or server-side

This would require enabling the XBitHack directive or server-side

includes and making use of a malicious document.

includes and making use of a malicious document.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/026_httpd3.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 194

Line 194

library function contains a memory management error, which causes failure

library function contains a memory management error, which causes failure

to retrieve the current working directory if the path is very long.

to retrieve the current working directory if the path is very long.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/025_getcwd.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 208

Line 208

<a href="http://man.openbsd.org/?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a>

<a href="http://man.openbsd.org/?query=ipsec&apropos=0&sektion=4&manpath=OpenBSD+Current&format=html">ipsec(4)</a>

credentials on a socket.

credentials on a socket.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="lynx">

<li id="lynx">

Line 222

Line 222

<a href="http://man.openbsd.org/?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a>

<a href="http://man.openbsd.org/?query=lynx&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">lynx(1)</a>

to exhaust memory and then crash when parsing such pages.

to exhaust memory and then crash when parsing such pages.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="pppd">

<li id="pppd">

Line 232

Line 232

contains a bug that allows an attacker to crash his own connection, but it cannot

contains a bug that allows an attacker to crash his own connection, but it cannot

be used to deny service to other users.

be used to deny service to other users.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="bind">

<li id="bind">

Line 242

Line 242

cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and

cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and

thus slow DNS queries.

thus slow DNS queries.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/021_bind.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="radius">

<li id="radius">

Line 254

Line 254

This could allow an attacker to spoof a reply granting access to the

This could allow an attacker to spoof a reply granting access to the

attacker. Note that OpenBSD does not ship with radius authentication enabled.

attacker. Note that OpenBSD does not ship with radius authentication enabled.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="xpm">

<li id="xpm">

Line 268

Line 268

Some of these would be exploitable when parsing malicious image files in

Some of these would be exploitable when parsing malicious image files in

an application that handles XPM images, if they could escape ProPolice.

an application that handles XPM images, if they could escape ProPolice.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="httpd2">

<li id="httpd2">

Line 280

Line 280

This would require enabling dbm for mod_rewrite and making use of a malicious

This would require enabling dbm for mod_rewrite and making use of a malicious

dbm file.

dbm file.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="libz">

<li id="libz">

Line 291

Line 291

<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a>

<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a>

.

.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="bridge">

<li id="bridge">

Line 303

Line 303

<a href="http://man.openbsd.org/?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a>

<a href="http://man.openbsd.org/?query=bridge&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">bridge(4)</a>

with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.

with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="icmp">

<li id="icmp">

Line 314

Line 314

<br>

<br>

<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a>

<a href="http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html">http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html</a>

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="rnd">

<li id="rnd">

Line 324

Line 324

encountered in an environment using CARP on a VLAN interface. This issue initially

encountered in an environment using CARP on a VLAN interface. This issue initially

manifested itself as a FPU related crash on boot up.

manifested itself as a FPU related crash on boot up.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="httpd">

<li id="httpd">

Line 338

Line 338

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>,

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>,

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>.

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="isakmpd">

<li id="isakmpd">

Line 351

Line 351

is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec

is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec

tunnels at will.

tunnels at will.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="cvs3">

<li id="cvs3">

Line 362

Line 362

server that allow an attacker to crash the server or possibly execute arbitrary

server that allow an attacker to crash the server or possibly execute arbitrary

code with the same privileges as the CVS server program.

code with the same privileges as the CVS server program.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="fifofs">

<li id="fifofs">

Line 373

Line 373

One program affected by this is the <a href="http://www.qmail.org/">qmail</a>

One program affected by this is the <a href="http://www.qmail.org/">qmail</a>

mail server which could go into an infinite loop and consume all CPU.

mail server which could go into an infinite loop and consume all CPU.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="kerberos">

<li id="kerberos">

Line 388

Line 388

more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">

more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">

Heimdal's announcement</a>.

Heimdal's announcement</a>.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="xdm">

<li id="xdm">

Line 402

Line 402

<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86

<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86

bugzilla</a> for details.

bugzilla</a> for details.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="cvs2">

<li id="cvs2">

Line 414

Line 414

malformed requests, enabling these clients to run arbitrary code

malformed requests, enabling these clients to run arbitrary code

with the same privileges as the CVS server program.

with the same privileges as the CVS server program.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="procfs">

<li id="procfs">

Line 422

Line 422

  <i>All architectures</i><br>

  <i>All architectures</i><br>

Check for integer overflow in procfs. Use of procfs is not recommended.

Check for integer overflow in procfs. Use of procfs is not recommended.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="tcp">

<li id="tcp">

Line 430

Line 430

  <i>All architectures</i><br>

  <i>All architectures</i><br>

Reply to in-window SYN with a rate-limited ACK.

Reply to in-window SYN with a rate-limited ACK.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="scsi">

<li id="scsi">

Line 442

Line 442

<a href="http://man.openbsd.org/?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a>

<a href="http://man.openbsd.org/?query=iha&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">iha(4)</a>

).

).

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="gdt">

<li id="gdt">

Line 452

Line 452

<a href="http://man.openbsd.org/?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a>

<a href="http://man.openbsd.org/?query=gdt&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">gdt(4)</a>

controllers will lock up.

controllers will lock up.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="cvs">

<li id="cvs">

Line 465

Line 465

the client and allowing clients to check out files outside the CVS

the client and allowing clients to check out files outside the CVS

repository.

repository.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

<li id="autobook_package">

<li id="autobook_package">