This is the OpenBSD 3.5 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_3_5
patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
All architectures
-
007: SECURITY FIX: May 20,
2004
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
malformed requests, enabling these clients to run arbitrary code
with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.
-
006: SECURITY FIX: May 13,
2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 6,
2004
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: May 5,
2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
iha(4)
).
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: May 5,
2004
Under load "recent model"
gdt(4)
controllers will lock up.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 5,
2004
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
malicious servers to overwrite files outside the local CVS tree on
the client and allowing clients to check out files outside the CVS
repository.
A source code patch exists which remedies this problem.
i386
- No problems identified yet.
alpha
- No problems identified yet.
amd64
- No problems identified yet.
cats
- No problems identified yet.
mac68k
- No problems identified yet.
sparc
- No problems identified yet.
sparc64
- No problems identified yet.
hppa
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
mvme88k
- No problems identified yet.
macppc
-
001: BROKEN PACKAGE ON CD: May 4, 2004
The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt,
and will not extract.
A replacement package can be found on the ftp sites.
vax
- No problems identified yet.
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4.
www@openbsd.org
$OpenBSD: errata.html,v 1.492 2004/05/20 21:05:59 otto Exp $