The patches below are available in CVS via the
OPENBSD_3_0
patch branch.
For more detailed information on install patches to OpenBSD, please consult the OpenBSD FAQ.
Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,
a source code patch exists which remedies these problems.
This is the second version of this patch.
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
from the invoking user. While this is a bug in sudo it is not
believed to be possible to exploit when sendmail (the mailer that
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.
A source code patch exists which remedies the problem.
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.
A source code patch exists which remedies the problem.
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
with line printer access (ie: listed in either /etc/hosts.lpd or
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine. OpenBSD does not start lpd
in the default installation.
A source code patch exists which remedies the problem.
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
A source code patch exists which remedies the problem.
pf(4)
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
A source code patch exists which remedies the problem.
sshd(8)
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
By default, OpenSSH KerberosV support only becomes active after KerberosV
has been properly configured.
UseLogin
sshd option
boot cd:,OFWBOOT /3.0/macppc/bsd.rd