This is the OpenBSD 3.3 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.4.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_3_3
patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
All architectures
- 017: RELIABILITY FIX: February 14,
2004
Several buffer overflows exist in the code parsing
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
A source code patch exists which remedies the problem.
- 016: SECURITY FIX: February 8, 2004
An IPv6 MTU handling problem exists that could be used by an attacker
to cause a denial of service attack against hosts with reachable IPv6
TCP ports.
A source code patch exists which remedies the problem.
- 015: SECURITY FIX: February 5, 2004
A reference counting bug exists in the
shmat(2)
system call that could be used by an attacker to write to kernel memory
under certain circumstances.
A source code patch exists which remedies the problem.
- 014: SECURITY FIX: January 15, 2004
Several message handling flaws in
isakmpd(8)
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
A source code patch exists which remedies these problems.
-
013: RELIABILITY FIX: November 20, 2003
An improper bounds check makes it possible for a local user to cause a crash
by passing the
semctl(2) and
semop(2) functions
certain arguments.
A source code patch exists which remedies the problem.
-
012: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
A source code patch exists which remedies the problem.
-
010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
A source code patch exists which remedies the problem.
-
009: RELIABILITY FIX: October 29, 2003
A user with write permission to httpd.conf or a .htaccess
file can crash
httpd(8)
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
A source code patch exists which remedies the problem.
-
008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
A source code patch exists which remedies the problem.
-
007: SECURITY FIX: October 1, 2003
The use of certain ASN.1 encodings or malformed public keys may allow an
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
A source code patch exists which remedies the problem.
-
006: SECURITY FIX: September 24, 2003
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
A source code patch exists which remedies the problem.
-
005: SECURITY FIX: September 17, 2003
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
-
004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
It is unclear whether or not this bug is exploitable.
A
source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
-
003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
A source code patch exists which remedies the problem.
-
002: RELIABILITY FIX: August 20, 2003
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
A source code patch exists which remedies the problem.
- 001: SECURITY FIX: August 4, 2003
An off-by-one error exists in the C library function
realpath(3).
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
A source code patch exists which remedies the problem.
i386
alpha
- No problems identified yet.
mac68k
- No problems identified yet.
sparc
- No problems identified yet.
sparc64
- No problems identified yet.
hppa
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
macppc
- No problems identified yet.
vax
- No problems identified yet.
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.4.
www@openbsd.org
$OpenBSD: errata33.html,v 1.15 2004/02/14 20:15:27 matthieu Exp $