This is the OpenBSD 2.7 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
For 2.3 errata, please refer here.
For 2.4 errata, please refer here.
For 2.5 errata, please refer here.
For 2.6 errata, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_2_7 patch branch.
All architectures
- 019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
A source code patch exists which remedies this problem.
- 018: SECURITY FIX: July 5, 2000
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.
- 017: INSTALLATION FIX: July 3, 2000
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
name screen-3.9.5p1.tgz.
A source code patch exists which remedies this problem.
- 013: SECURITY FIX: June 28, 2000
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
A source code patch exists which remedies this problem.
- 012: SECURITY FIX: June 24, 2000
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
A source code patch exists which remedies this problem.
- 009: SECURITY FIX: June 9, 2000
A serious bug in isakmpd(8) policy handling allowed policy
verification to be completely bypassed.
A source code patch exists which remedies this problem.
- 008: RELIABILITY FIX: June 8, 2000
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.
- 007: RELIABILITY FIX: June 8, 2000
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.
- 006: SECURITY FIX: June 6, 2000
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
- 005: RELIABILITY FIX: May 29, 2000
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remotely or locally.
A source code patch exists which remedies this problem.
- 004: RELIABILITY FIX: May 29, 2000
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.
- 003: SECURITY FIX: May 26, 2000
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a bridge.
A source code patch exists which remedies this problem.
- 002: DRIVER FIX: May 26, 2000
The ef(4) driver will complain when adding an address with ifconfig
(ifconfig: SIOCAIFADDR: Invalid argument).
A source code patch exists which remedies this problem.
- 001: SECURITY FIX: May 25, 2000
A misuse of ipf(8) keep-state rules can result in firewall rules being bypassed.
A source code patch exists which remedies this problem and updates ipf
to version 3.3.16.
i386
mac68k
- No problems identified yet.
sparc
- No problems identified yet.
amiga
pmax
- 020: KERNEL BUG: July 10, 2000
As originally shipped, the pmax port would fail to install due to
/kern/msgbuf bugs. The necessary fixes have been merged,
and the needed binaries re-released on the FTP site.
The 2.7 srcsys.tar.gz file, however, has not been updated.
If you recompile a kernel, you should either use the
stable release source tree or apply the
provided patch to a 2.7 source tree.
A source code patch exists which remedies this problem.
arc
- No problems identified yet.
alpha
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
powerpc
- No problems identified yet.
www@openbsd.org
$OpenBSD: errata.html,v 1.258 2000/07/12 16:37:59 deraadt Exp $