This is the OpenBSD 3.5 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_3_5 patch branch.
For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.
All architectures
- 009: SECURITY FIX: May 30, 2004
A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see Heimdal's announcement.
A source code patch exists which remedies this problem.
- 008: SECURITY FIX: May 26, 2004
With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. As a result, xdm creates the chooser socket even if xdmcp is disabled in xdm-config by setting requestPort to 0. See XFree86 bugzilla for details.
A source code patch exists which remedies this problem.
- 007: SECURITY FIX: May 20, 2004
A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.
- 006: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
- 005: RELIABILITY FIX: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
- 004: RELIABILITY FIX: May 5, 2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers (i.e. siop(4), trm(4), iha(4)).
A source code patch exists which remedies this problem.
- 003: RELIABILITY FIX: May 5, 2004
Under load "recent model" gdt(4) controllers will lock up.
A source code patch exists which remedies this problem.
- 002: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
A source code patch exists which remedies this problem.
i386
- No problems identified yet.
alpha
- No problems identified yet.
amd64
- No problems identified yet.
cats
- No problems identified yet.
mac68k
- No problems identified yet.
sparc
- No problems identified yet.
sparc64
- No problems identified yet.
hppa
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
mvme88k
- No problems identified yet.
macppc
- 001: BROKEN PACKAGE ON CD: May 4, 2004
The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt, and will not extract.
A replacement package can be found on the ftp sites.
vax
- No problems identified yet.
www@openbsd.org
$OpenBSD: errata.html,v 1.498 2004/06/01 13:50:05 saad Exp $