Annotation of www/errata55.html, Revision 1.41
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.5 errata</title>
5: <meta name="description" content="the OpenBSD CD errata page">
6: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1.40 sthen 7: <link rel="canonical" href="http://www.openbsd.org/errata55.html">
1.1 deraadt 8: </head>
9:
1.20 tedu 10: <!--
11: IMPORTANT REMINDER
12: IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
13: -->
14:
15:
1.1 deraadt 16: <body bgcolor="#ffffff" text="#000000" link="#23238E">
17:
18: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.24 deraadt 19: <h2><font color="#e00000">
20: OpenBSD 5.5 errata
1.1 deraadt 21: </font></h2>
22:
23: <hr>
24: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
25: <br>
26: For errata on a certain release, click below:<br>
27: <a href="errata21.html">2.1</a>,
28: <a href="errata22.html">2.2</a>,
29: <a href="errata23.html">2.3</a>,
30: <a href="errata24.html">2.4</a>,
31: <a href="errata25.html">2.5</a>,
32: <a href="errata26.html">2.6</a>,
33: <a href="errata27.html">2.7</a>,
34: <a href="errata28.html">2.8</a>,
35: <a href="errata29.html">2.9</a>,
36: <a href="errata30.html">3.0</a>,
37: <a href="errata31.html">3.1</a>,
38: <a href="errata32.html">3.2</a>,
39: <a href="errata33.html">3.3</a>,
40: <a href="errata34.html">3.4</a>,
41: <a href="errata35.html">3.5</a>,
42: <a href="errata36.html">3.6</a>,
43: <br>
44: <a href="errata37.html">3.7</a>,
45: <a href="errata38.html">3.8</a>,
46: <a href="errata39.html">3.9</a>,
47: <a href="errata40.html">4.0</a>,
48: <a href="errata41.html">4.1</a>,
49: <a href="errata42.html">4.2</a>,
50: <a href="errata43.html">4.3</a>,
51: <a href="errata44.html">4.4</a>,
52: <a href="errata45.html">4.5</a>,
53: <a href="errata46.html">4.6</a>,
54: <a href="errata47.html">4.7</a>,
55: <a href="errata48.html">4.8</a>,
56: <a href="errata49.html">4.9</a>,
57: <a href="errata50.html">5.0</a>,
58: <a href="errata51.html">5.1</a>,
59: <a href="errata52.html">5.2</a>,
1.5 deraadt 60: <br>
61: <a href="errata53.html">5.3</a>,
1.22 jsg 62: <a href="errata54.html">5.4</a>,
1.35 deraadt 63: <a href="errata56.html">5.6</a>,
64: <a href="errata57.html">5.7</a>.
1.1 deraadt 65: <br>
66: <hr>
67:
68: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5.tar.gz">
69: You can also fetch a tar.gz file containing all the following patches</a>.
70: This file is updated once a day.
1.6 deraadt 71: <p>
1.1 deraadt 72:
1.6 deraadt 73: The patches below are available in CVS via the
1.2 deraadt 74: <code>OPENBSD_5_5</code> <a href="stable.html">patch branch</a>.
1.6 deraadt 75: <p>
1.1 deraadt 76:
77: For more detailed information on how to install patches to OpenBSD, please
78: consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
1.6 deraadt 79: <p>
80:
1.1 deraadt 81: <hr>
82:
83: <ul>
1.3 deraadt 84:
1.31 bentley 85: <li id="001_icmp">
1.7 deraadt 86: <font color="#009000"><strong>001: RELIABILITY FIX: March 15, 2014</strong></font>
87: <i>All architectures</i><br>
1.4 deraadt 88: Memory corruption happens during
89: ICMP reflection handling. ICMP reflection is disabled by default.
1.8 deraadt 90: <br>
91: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/001_icmp.patch.sig">
92: A source code patch exists which remedies this problem.</a>
93: <p>
1.4 deraadt 94:
1.31 bentley 95: <li id="002_openssl">
1.8 deraadt 96: <font color="#009000"><strong>002: SECURITY FIX: April 8, 2014</strong></font>
97: <i>All architectures</i><br>
98: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
99: heartbeat extension (RFC6520) which can result in a leak of memory contents.
1.4 deraadt 100: <br>
1.8 deraadt 101: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/002_openssl.patch.sig">
1.6 deraadt 102: A source code patch exists which remedies this problem.</a>
1.4 deraadt 103: <p>
1.1 deraadt 104:
1.31 bentley 105: <li id="003_ftp">
1.9 jca 106: <font color="#009000"><strong>003: SECURITY FIX: April 9, 2014</strong></font>
107: <i>All architectures</i><br>
1.10 jca 108: Missing hostname check for HTTPS connections in the
109: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&manpath=OpenBSD+5.5&sektion=1">ftp(1)</a>
110: utility.
1.9 jca 111: <br>
112: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/003_ftp.patch.sig">
113: A source code patch exists which remedies this problem.</a>
114: <p>
115:
1.31 bentley 116: <li id="004_openssl">
1.12 deraadt 117: <font color="#009000"><strong>004: SECURITY FIX: April 12, 2014</strong></font>
1.11 deraadt 118: <i>All architectures</i><br>
119: A use-after-free race condition in OpenSSL's read buffer may permit an attacker
120: to inject data from one connection into another.
121: <br>
122: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig">
123: A source code patch exists which remedies this problem.</a>
124: <p>
125:
1.31 bentley 126: <li id="005_openssl">
1.14 deraadt 127: <font color="#009000"><strong>005: RELIABILITY FIX: May 1, 2014</strong></font>
1.13 deraadt 128: <i>All architectures</i><br>
129: An attacker can trigger generation of an SSL alert which could cause
130: a null pointer dereference.
131: <br>
132: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig">
133: A source code patch exists which remedies this problem.</a>
134: <p>
135:
1.31 bentley 136: <li id="006_libXfont">
1.15 deraadt 137: <font color="#009000"><strong>006: SECURITY FIX: May 24, 2014</strong></font>
138: <i>All architectures with X server</i><br>
139: X Font Service Protocol & Font metadata file handling issues in libXfont
140: <ul>
141: <li>CVE-2014-0209: integer overflow of allocations in font metadata file parsing
142: <li>CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
143: <li>CVE-2014-0211: integer overflows calculating memory needs for xfs replies
144: </ul>
145: Please see <a href="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">the advisory</a> for more information.
146: <br>
147: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/006_libXfont.patch.sig">
148: A source code patch exists which remedies this problem.</a>
149: <p>
150:
1.31 bentley 151: <li id="007_sendmail">
1.18 tobias 152: <font color="#009000"><strong>007: SECURITY FIX: June 5, 2014</strong></font>
1.16 deraadt 153: <i>All architectures</i><br>
154: Sendmail was not properly closing file descriptions before executing programs.
155: This could enable local users to interfere with an open SMTP connection.
156: This issue was assigned CVE-2014-3956.
157: <br>
158: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/007_sendmail.patch.sig">
159: A source code patch exists which remedies this problem.</a>
160: <p>
161:
1.31 bentley 162: <li id="008_openssl">
1.18 tobias 163: <font color="#009000"><strong>008: SECURITY FIX: June 6, 2014</strong></font>
1.17 deraadt 164: <i>All architectures</i><br>
165: This patch contains a number of SSL library fixes.
166: <br>
167: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/008_openssl.patch.sig">
168: A source code patch exists which remedies this problem.</a>
169: <p>
170:
1.31 bentley 171: <li id="009_dhcp">
1.19 tobias 172: <font color="#009000"><strong>009: RELIABILITY FIX: July 30, 2014</strong></font>
173: <i>All architectures</i><br>
174: Packets with illegal DHCP options can lead to memory exhaustion of
175: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
176: and
177: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
178: <br>
179: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/009_dhcp.patch.sig">
180: A source code patch exists which remedies this problem.</a>
181: <p>
182:
1.31 bentley 183: <li id="010_openssl">
1.21 tedu 184: <font color="#009000"><strong>010: SECURITY FIX: August 9, 2014</strong></font>
185: <i>All architectures</i><br>
186: This patch contains a number of SSL library fixes.
187: <br>
188: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/010_openssl.patch.sig">
189: A source code patch exists which remedies this problem.</a>
190: <p>
191:
1.31 bentley 192: <li id="011_nginx">
1.23 stsp 193: <font color="#009000"><strong>011: SECURITY FIX: October 1, 2014</strong></font>
194: <i>All architectures</i><br>
195: nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
196: host confusion attacks in some configurations.
197: This issue was assigned CVE-2014-3616.
198: <br>
199: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/011_nginx.patch.sig">
200: A source code patch exists which remedies this problem.</a>
201: <p>
202:
1.31 bentley 203: <li id="012_openssl">
1.25 tedu 204: <font color="#009000"><strong>012: RELIABILITY FIX: October 20, 2014</strong></font>
205: <i>All architectures</i><br>
206: Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
207: service in server applications.
208: <br>
209: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/012_openssl.patch.sig">
210: A source code patch exists which remedies this problem.</a>
211: <p>
212:
1.31 bentley 213: <li id="013_kernexec">
1.25 tedu 214: <font color="#009000"><strong>013: RELIABILITY FIX: October 20, 2014</strong></font>
215: <i>All architectures</i><br>
216: Executable headers with an unaligned address will trigger a kernel panic.
217: <br>
218: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/013_kernexec.patch.sig">
219: A source code patch exists which remedies this problem.</a>
220: <p>
221:
1.31 bentley 222: <li id="014_pfctl">
1.27 tedu 223: <font color="#009000"><strong>014: RELIABILITY FIX: November 17, 2014</strong></font>
1.26 sthen 224: <i>All architectures</i><br>
1.27 tedu 225: A PF rule using an IPv4 address
226: followed by an IPv6 address and then a dynamic address, e.g. "pass
227: from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32
228: mask applied to the dynamic address.
1.26 sthen 229: <br>
1.27 tedu 230: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/014_pfctl.patch.sig">
1.26 sthen 231: A source code patch exists which remedies this problem.</a>
232: <p>
1.27 tedu 233:
1.31 bentley 234: <li id="015_asr">
1.27 tedu 235: <font color="#009000"><strong>015: RELIABILITY FIX: November 17, 2014</strong></font>
236: <i>All architectures</i><br>
237: Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
238: <br>
239: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/015_asr.patch.sig">
240: A source code patch exists which remedies this problem.</a>
241: <p>
242:
1.31 bentley 243: <li id="016_pipex">
1.28 tedu 244: <font color="#009000"><strong>016: RELIABILITY FIX: December 5, 2014</strong></font>
245: <i>All architectures</i><br>
246: Several bugs were fixed that allowed a crash from remote when an active pipex
247: session exists.
248: <br>
249: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/016_pipex.patch.sig">
250: A source code patch exists which remedies this problem.</a>
251: <p>
252:
1.31 bentley 253: <li id="017_pppoe">
1.28 tedu 254: <font color="#009000"><strong>017: RELIABILITY FIX: December 5, 2014</strong></font>
255: <i>All architectures</i><br>
256: An incorrect memcpy call would result in corrupted MAC addresses when
257: using PPPOE.
258: <br>
259: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/017_pppoe.patch.sig">
260: A source code patch exists which remedies this problem.</a>
261: <p>
262:
1.31 bentley 263: <li id="018_virtio">
1.29 tedu 264: <font color="#009000"><strong>018: RELIABILITY FIX: December 9, 2014</strong></font>
265: <i>All architectures</i><br>
266: Several bugs in virtio(4) can lead to hangs with virtio devices,
267: like vio(4) and vioblk(4).
268: <br>
269: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig">
270: A source code patch exists which remedies this problem.</a>
271: <p>
272:
1.31 bentley 273: <li id="019_xserver">
1.29 tedu 274: <font color="#009000"><strong>019: SECURITY FIX: December 9, 2014</strong></font>
275: <i>All architectures</i><br>
276: One year after Ilja van Sprundel discovered and reported a large number
277: of issues in the way the X server code base handles requests from X clients,
278: they have been fixed.
279: <br>
280: <a href="http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/">X Advisory</a>
281: <br>
282: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig">
283: A source code patch exists which remedies this problem.</a>
284: <p>
285:
1.31 bentley 286: <li id="020_libevent">
1.30 bluhm 287: <font color="#009000"><strong>020: SECURITY FIX: January 13, 2015</strong></font>
288: <i>All architectures</i><br>
289: Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
290: base uses it for the programs: cu tmux ftp-proxy httpd ldapd relayd
291: tftp-proxy tftpd
292: <br>
293: <a href="http://www.wangafu.net/~nickm/volatile/advisory.txt.asc">Libevent Advisory</a>
294: <br>
295: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/020_libevent.patch.sig">
296: A source code patch exists which remedies this problem.</a>
297: <p>
1.26 sthen 298:
1.32 tedu 299: <li id="021_xserver">
300: <font color="#009000"><strong>021: SECURITY FIX: March 3, 2015</strong></font>
301: <i>All architectures</i><br>
302: Information leak in the XkbSetGeometry request of X servers.
303: <br>
304: For more information, see the
305: <a href="http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/">X.org advisory</a>.
306: <br>
307: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/021_xserver.patch.sig">
308: A source code patch exists which remedies this problem.</a>
309: <p>
310:
1.34 tedu 311: <li id="022_freetype">
312: <font color="#009000"><strong>022: SECURITY FIX: March 13, 2015</strong></font>
313: <i>All architectures</i><br>
314: Another fix for buffer overflows in malformed fonts.
315: <br>
316: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/022_freetype.patch.sig">
317: A source code patch exists which remedies this problem.</a>
318: <p>
319:
1.36 tedu 320: <li id="023_libxfont">
321: <font color="#009000"><strong>023: SECURITY FIX: March 18, 2015</strong></font>
322: <i>All architectures</i><br>
323: Buffer overflows in libXfont
324: <br>
325: For more information, see the
326: <a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>.
327: <br>
328: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/023_libxfont.patch.sig">
329: A source code patch exists which remedies this problem.</a>
1.38 tedu 330: <br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>.
1.36 tedu 331: <p>
332:
1.37 tedu 333: <li id="024_openssl">
334: <font color="#009000"><strong>024: SECURITY FIX: March 19, 2015</strong></font>
335: <i>All architectures</i><br>
336: Fix two possible crash causing defects.<br>
337: CVE-2015-0286 - Apply fix from OpenSSL for ASN1_TYPE_cmp.<br>
338: CVE-2015-0292 - Backport existing fix for Base64 decoding.<br>
339: <br>
340: For more information, see the
341: <a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>.
342: <br>
343: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/024_openssl.patch.sig">
344: A source code patch exists which remedies this problem.</a>
1.38 tedu 345: <br>Note that instructions should read <code>cd /usr/src/lib/libssl/crypto</code>.
1.37 tedu 346: <p>
347:
1.39 gilles 348: <li id="025_smtpd">
349: <font color="#009000"><strong>025: RELIABILITY FIX: April 17, 2015</strong></font>
350: <i>All architectures</i><br>
351: Fix a logic error in smtpd handling of SNI.
352: This could allow a remote user to crash the server or provoke a disconnect of other sessions.
353: <br>
354: <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/025_smtpd.patch.sig">
355: A source code patch exists which remedies this problem.</a>
356: <p>
357:
1.1 deraadt 358: </ul>
359:
1.33 tedu 360: <hr>
361:
1.1 deraadt 362: </body>
363: </html>