The patches below are available in CVS via the
OPENBSD_2_8
patch branch.
For more detailed information on install patches to OpenBSD, please consult the OpenBSD FAQ.
In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at /usr/X11R6/bin/xlock
and chmod 4755 /usr/X11R6/bin/xlock.
1. A symlink problem was discovered in the KerberosIV password checking
routines /usr/bin/su and /usr/bin/login, which makes it possible for a
local user to overwrite any file on the local machine.
2. It is possible to specify environment variables in telnet
which will be passed over the to the remote host. This makes it
possible to set environment variables on the remote side, including
ones that have special meaning on the server. It is not clear at this
time what the impact is, but we recommend everyone to upgrade their
machines immediately.
A security hole exists in lpd(8)
that may allow an attacker with line printer access to gain root
privileges. A machine must be running lpd to be vulnerable (OpenBSD
does not start lpd by default). Only machines with line printer
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
A source code patch exists which remedies the problem
A security hole exists in sendmail(8)
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
A source code patch exists which remedies the problem
A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
A source code patch exists which remedies the problem.
Programs using the fts(3)
routines (such as rm, find, and most programs that take a -R
flag) can be tricked into changing into the wrong directory if the
parent dir is changed out from underneath it. This is similar to
the old fts bug but happens when popping out of directories, as
opposed to descending into them.
A source code patch exists which remedies the problem.
This is the second version of the patch.
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
IPF has a serious problem with fragment cacheing, the bug is triggered if you use the ipf(5) syntax "keep state".
A source code patch exists which remedies the problem.
ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
A source code patch exists which remedies the problem.
glob(3) contains multiple buffer overflows.
A source code patch exists which remedies the problem.
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
This can lead to the leakage of sensitive information in applications
that use passwords and the like during user interaction (one such
application is mysql).
A source code patch exists which remedies the problem.
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.
A source code patch exists which remedies the problem.
There is an exploitable heap corruption bug in
sudo.
A source code patch exists which remedies the problem.
Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
A source code patch exists which remedies the problem.
Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
A source code patch exists which remedies the problem.
Merge named
with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
that these were already impossible to exploit beforehand).
A source code patch exists which remedies the problem.
The rnd(4) device does not use all of its input when data is written to it.
A source code patch exists which remedies the problem.
Allow ThunderLAN cards to share interrupts nicely.
A source code patch exists which remedies the problem.
Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.
A source code patch exists which remedies the problem.
Procfs contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD.
A source code patch exists which remedies the problem.
The crypto subsystem could incorrectly fail to run certain software ciphers,
if a hardware card existed in the machine.
A source code patch exists which remedies the problem.
A crash could occur during fast routing, if IPSEC was enabled.
A source code patch exists which remedies the problem.
Another problem exists in the Kerberos libraries.
A source code patch exists which remedies the problem.
Two problems have recently been discovered in the KerberosIV code.
OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies the problem.
You can view the OpenBSD Advisory here.
First off, AES (rijndael) encryption and decryption were broken for IPsec
and swap encryption.
Secondly, the AES code did not work properly on big endian machines.
A second revision source code patch exists which remedies the problem.
In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
that kind of important.
A source code patch exists which remedies this problem.
UKC> disable pcibios UKC> quit
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz
# cd /; tar xvfpz xshare28.tgz # cd /; tar xvfpz xfont28.tgz