File: [local] / www / errata40.html (download) (as text)
Revision 1.81, Sun Mar 10 18:46:50 2024 UTC (2 months ago) by tj
Branch: MAIN
CVS Tags: HEAD
Changes since 1.80: +2 -1 lines
add 7.5 errata page
|
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 4.0 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata40.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
4.0 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<br>
<a href="errata36.html">3.6</a>,
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="httpd">
<strong>001: SECURITY FIX: November 4, 2006</strong>
<i>All architectures</i><br>
<a href="https://man.openbsd.org/OpenBSD-4.0/httpd.8">httpd(8)</a>
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
style attacks.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/001_httpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="openssl2">
<strong>002: SECURITY FIX: November 4, 2006</strong>
<i>All architectures</i><br>
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
structures an error condition is mishandled, possibly resulting in an infinite
loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
pointer may be dereferenced in the SSL version 2 client code. In addition, many
applications using OpenSSL do not perform any validation of the lengths of
public keys being used.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937">CVE-2006-2937</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343">CVE-2006-4343</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940">CVE-2006-2940</a>
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/002_openssl.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="systrace">
<strong>003: SECURITY FIX: November 4, 2006</strong>
<i>All architectures</i><br>
Fix for an integer overflow in
<a href="https://man.openbsd.org/OpenBSD-4.0/systrace.4">systrace(4)</a>'s
STRIOCREPLACE support, found by
Chris Evans. This could be exploited for DoS, limited kmem reads or local
privilege escalation.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/003_systrace.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="arc">
<strong>004: RELIABILITY FIX: November 7, 2006</strong>
<i>All architectures</i><br>
Due to a bug in the
<a href="https://man.openbsd.org/OpenBSD-4.0/arc.4">arc(4)</a>
RAID driver the driver will not properly synchronize the cache to the logical volumes
upon system shut down. The result being that the mounted file systems within the logical
volumes will not be properly marked as being clean and fsck will be run for the subsequent
boot up.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/004_arc.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ldso">
<strong>005: SECURITY FIX: November 19, 2006</strong>
<i>All architectures</i><br>
The ELF
<a href="https://man.openbsd.org/OpenBSD-4.0/ld.so.1">ld.so(1)</a>
fails to properly sanitize the environment. There is a potential localhost security
problem in cases we have not found yet. This patch applies to all ELF-based
systems (m68k, m88k, and vax are a.out-based systems).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/005_ldso.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ports-tar">
<strong>006: FTP DISTRIBUTION ERROR: December 4, 2006</strong>
<i>All architectures</i><br>
The <b>src.tar.gz</b> and <b>ports.tar.gz</b> archives
released on FTP were created incorrectly, a week after the 4.0 release. The
archives on the CD sets are correct; this only affects people who downloaded
them from a <a href="ftp.html">mirror</a>.
<br>
The archives have been corrected. The correct MD5 of
<a href="https://ftp.openbsd.org/pub/OpenBSD/4.0/ports.tar.gz">
ports.tar.gz</a> is eff352b4382a7fb7ffce1e8b37e9eb56, and for
<a href="https://ftp.openbsd.org/pub/OpenBSD/4.0/src.tar.gz">
src.tar.gz</a> it is b8d7a0dc6f3d27a5377a23d69c40688e.
<br>
<p>
<li id="agp">
<strong>007: SECURITY FIX: January 3, 2007</strong>
<i>i386 only</i><br>
Insufficient validation in
<a href="https://man.openbsd.org/OpenBSD-4.0/vga.4">vga(4)</a>
may allow an attacker to gain root privileges if the kernel is compiled with
<code>option PCIAGP</code>
and the actual device is not an AGP device.
The <code>PCIAGP</code> option is present by default on i386
kernels only.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/i386/007_agp.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="icmp6">
<strong>008: RELIABILITY FIX: January 16, 2007</strong>
<i>All architectures</i><br>
Under some circumstances, processing an ICMP6 echo request would cause
the kernel to enter an infinite loop.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/008_icmp6.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="timezone">
<strong>009: INTEROPERABILITY FIX: February 4, 2007</strong>
<i>All architectures</i><br>
A US daylight saving time rules change takes effect in 2007.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/009_timezone.patch">
A source code patch exists which syncs the timezone data files with tzdata2007a</a>.<br>
<p>
<li id="m_dup1">
<strong>010: SECURITY FIX: March 7, 2007</strong>
<i>All architectures</i><br>
<b>2nd revision, March 17, 2007</b><br>
Incorrect mbuf handling for ICMP6 packets.<br>
Using
<a href="https://man.openbsd.org/OpenBSD-4.0/pf.4">pf(4)</a>
to avoid the problem packets is an effective workaround until the patch
can be installed.<br>
Use "block in inet6" in /etc/pf.conf
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/010_m_dup1.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p011_xorg">
<strong>011: SECURITY FIX: April 4, 2007</strong>
<i>All architectures</i><br>
Multiple vulnerabilities have been discovered in X.Org.<br>
XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability,
BDFFont parsing integer overflow vulnerability,
fonts.dir file parsing integer overflow vulnerability,
multiple integer overflows in the XGetPixel() and XInitImage functions
in ImUtil.c.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003">CVE-2007-1003</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351">CVE-2007-1351</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352">CVE-2007-1352</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667">CVE-2007-1667</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/011_xorg.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p012_route6">
<strong>012: SECURITY FIX: April 23, 2007</strong>
<i>All architectures</i><br>
IPv6 type 0 route headers can be used to mount a DoS attack against
hosts and networks. This is a design flaw in IPv6 and not a bug in
OpenBSD.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p013_altivec">
<strong>013: STABILITY FIX: April 26, 2007</strong>
<i>PowerPC</i><br>
An unhandled AltiVec assist exception can cause a kernel panic.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/macppc/013_altivec.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p014_xorg">
<strong>014: STABILITY FIX: May 9, 2007</strong>
<i>All Architectures</i><br>
A malicious client can cause a division by zero.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/014_xorg.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p015_file">
<strong>015: SECURITY FIX: July 9, 2007</strong>
<i>All Architectures</i><br>
Fix possible heap overflow in file(1), aka CVE-2007-1536.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/015_file.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p016_dhcpd">
<strong>016: SECURITY FIX: October 8, 2007</strong>
<i>All architectures</i><br>
Malicious DHCP clients could cause dhcpd(8) to corrupt its stack<br>
A DHCP client that claimed to require a maximum message size less than
the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/016_dhcpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p017_openssl">
<strong>017: SECURITY FIX: October 10, 2007</strong>
<i>All architectures</i><br>
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/017_openssl.patch">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata40.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www