File: [local] / www / errata53.html (download) (as text)
Revision 1.7, Mon May 20 18:51:29 2013 UTC (11 years ago) by sthen
Branch: MAIN
Changes since 1.6: +7 -5 lines
fix description of the nginx bug, we mistakenly had the description for
the cve-2013-2028 which didn't affect us (though we had the right cve number)
noticed by jeremy@, ok jasper@
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 5.3 errata</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 2012 by OpenBSD.">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238E">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<h2><font color="#0000e0">
This is the OpenBSD 5.3 release errata & patch list:
</font></h2>
<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<br>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>.
<br>
<hr>
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p> The patches below are available in CVS via the
<code>OPENBSD_5_3</code> <a href="stable.html">patch branch</a>.
<p>
For more detailed information on how to install patches to OpenBSD, please
consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
<hr>
<!-- Temporarily put anchors for all archs here. Remove later. -->
<a name="all"></a>
<a name="alpha"></a>
<a name="amd64"></a>
<a name="armish"></a>
<a name="hp300"></a>
<a name="hppa"></a>
<a name="i386"></a>
<a name="landisk"></a>
<a name="loongson"></a>
<a name="luna88k"></a>
<a name="mac68k"></a>
<a name="macppc"></a>
<a name="mvme68k"></a>
<a name="mvme88k"></a>
<a name="sgi"></a>
<a name="socppc"></a>
<a name="sparc"></a>
<a name="sparc64"></a>
<a name="vax"></a>
<a name="zaurus"></a>
<ul>
<li><a name="001_bgpd"></a>
<font color="#009000"><strong>001: RELIABILITY FIX: March 15, 2013</strong></font> <i>All architectures</i><br>
A rare condition during session startup may cause bgpd to replace
an active session leading to unknown consequences. Bug found by
inspection (we do not know how to reproduce it, consider that a challenge).
<br>
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/001_bgpd.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="002_vr"></a>
<font color="#009000"><strong>002: RELIABILITY FIX: May 5, 2013</strong></font> <i>All architectures</i><br>
A flaw exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4"
>vr(4)</a> driver that may cause it to not recover from some error conditions.
<br>
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/002_vr.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="003_nginx"></a>
<font color="#009000"><strong>003: RELIABILITY FIX: May 17, 2013</strong></font> <i>All architectures</i><br>
A problem exists in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a>
if proxy_pass is used with untrusted HTTP backend servers.
The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an
upstream proxied server.
This issue was assigned CVE-2013-2070.
<br>
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/003_nginx.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
<li><a name="004_route"></a>
<font color="#009000"><strong>004: RELIABILITY FIX: May 17, 2013</strong></font> <i>All architectures</i><br>
As discovered by Peter Philipp, it is possible for an unprivileged user
process to trigger deleting the undeletable RNF_ROOT route, resulting in
a kernel panic.
<br>
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/004_route.patch">
A source code patch exists which remedies this problem</a>.<br>
<p>
</ul>
<hr>
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: errata53.html,v 1.7 2013/05/20 18:51:29 sthen Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to errata53.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www