<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 4.2 errata</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2007 by OpenBSD.">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238E">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<h2><font color="#0000e0">
This is the OpenBSD 4.2 release errata & patch list:
</font></h2>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>.
<br>
<hr>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p> The patches below are available in CVS via the
<code>OPENBSD_4_2</code> <a href="stable.html">patch branch</a>.
<p>
For more detailed information on how to install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
<hr>
<!-- Temporarily put anchors for all archs here. Remove later. -->
<a name="all"></a>
<a name="alpha"></a>
<a name="amd64"></a>
<a name="armish"></a>
<a name="cats"></a>
<a name="hp300"></a>
<a name="hppa"></a>
<a name="i386"></a>
<a name="luna88k"></a>
<a name="mac68k"></a>
<a name="macppc"></a>
<a name="mvme68k"></a>
<a name="mvme88k"></a>
<a name="sgi"></a>
<a name="sparc"></a>
<a name="sparc64"></a>
<a name="vax"></a>
<a name="zaurus"></a>
<ul>
<li><a name="014_pcb"></a>
<font color="#009000"><strong>014: RELIABILITY FIX: July 29, 2008</strong></font> <i>All architectures</i><br>
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
enabled by default, this condition affects all systems.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/014_pcb.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="013_bind"></a>
<font color="#009000"><strong>013: SECURITY FIX: July 23, 2008</strong></font> <i>All architectures</i><br>
<strong>2nd revision, July 23, 2008</strong><br>
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/013_bind.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="012_xorg2"></a>
<font color="#009000"><strong>012: SECURITY FIX: July 15, 2008</strong></font> <i>All architectures</i><br>
Multiple vulnerabilities have been discovered in X.Org.<br>
RENDER Extension heap buffer overflow,
RENDER Extension crash,
RENDER Extension memory corruption,
MIT-SHM arbitrary memory read,
RECORD and Security extensions memory corruption.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360">CVE-2008-2360</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361">CVE-2008-2361</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362">CVE-2008-2362</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/012_xorg2.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="011_openssh2"></a>
<font color="#009000"><strong>011: SECURITY FIX: April 3, 2008</strong></font> <i>All architectures</i><br>
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
successfully.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/011_openssh2.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="010_openssh"></a>
<font color="#009000"><strong>010: SECURITY FIX: March 30, 2008</strong></font> <i>All architectures</i><br>
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) <em>ForceCommand</em>
directive was in effect, allowing users with write access to this file to
execute arbitrary commands. This behaviour was documented, but was an unsafe
default and an extra hassle for administrators.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/010_openssh.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="009_ppp"></a>
<font color="#009000"><strong>009: SECURITY FIX: March 7, 2008</strong></font> <i>All architectures</i><br>
Buffer overflow in ppp command prompt parsing.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/009_ppp.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="008_ip6rthdr"></a>
<font color="#009000"><strong>008: RELIABILITY FIX: February 25, 2008</strong></font> <i>All architectures</i><br>
Malformed IPv6 routing headers can cause a kernel panic.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/008_ip6rthdr.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="007_tcprespond"></a>
<font color="#009000"><strong>007: RELIABILITY FIX: February 22, 2008</strong></font> <i>All architectures</i><br>
Incorrect assumptions in tcp_respond can lead to a kernel panic.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/007_tcprespond.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="006_xorg"></a>
<font color="#009000"><strong>006: SECURITY FIX: February 8, 2008</strong></font> <i>All architectures</i><br>
<strong>2nd revision, February 10, 2008</strong><br>
Multiple vulnerabilities have been discovered in X.Org.<br>
XFree86 Misc extension out of bounds array index,
File existence disclosure,
Xinput extension memory corruption,
TOG-cup extension memory corruption,
MIT-SHM and EVI extensions integer overflows,
PCF Font parser buffer overflow.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760">CVE-2007-5760</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958">CVE-2007-5958</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427">CVE-2007-6427</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428">CVE-2007-6428</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429">CVE-2007-6429</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006">CVE-2008-0006</a>.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/006_xorg.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="005_ifrtlabel"></a>
<font color="#009000"><strong>005: RELIABILITY FIX: January 11, 2008</strong></font> <i>All architectures</i><br>
A missing NULL pointer check can lead to a kernel panic.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="004_pf"></a>
<font color="#009000"><strong>004: RELIABILITY FIX: November 27, 2007</strong></font> <i>All architectures</i><br>
A memory leak in pf can lead to machine lockups.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/004_pf.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="003_i386_boot"></a>
<font color="#009000"><strong>003: CD BOOT FAILURE ON OLDER COMPUTERS : October 30, 2007</strong></font> <i>i386 only</i><br>
Some older BIOSes are unable to boot CD1 (ie. the commercial release sold
by the project, not the CD images available on the net).
A workaround using CD2 (amd64 architecture) is as follows.
(An amd64 machine is <i>NOT</i> required for this to work.)<br>
<br>
<ol>
<li>Insert CD2 and tell your computer to boot it;<br>
<li>When the <tt>boot></tt> prompt appears, stop the automatic boot
by pressing the space bar;<br>
<li>Remove CD2 and insert CD1;<br>
<li>Erase the character you typed to stop the boot, type<br>
<tt><b>boot /4.2/i386/bsd.rd</b></tt><br>
then press <i>Enter</i>.
</ol>
<p>
<li><a name="002_openssl"></a>
<font color="#009000"><strong>002: SECURITY FIX: October 10, 2007</strong></font> <i>All architectures</i><br>
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="001_dhcpd"></a>
<font color="#009000"><strong>001: SECURITY FIX: October 8, 2007</strong></font> <i>All architectures</i><br>
Malicious DHCP clients could cause dhcpd(8) to corrupt its stack<br>
A DHCP client that claimed to require a maximum message size less than
the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/001_dhcpd.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
</ul>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=pkg-stable.html>For important packages updates, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>.
<br>
<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: errata42.html,v 1.24 2008/08/24 18:45:01 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata42.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www