OpenBSD 3.4 errata

This is the OpenBSD 3.4 release errata & patch list:

For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.

For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2.

You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

The patches below are available in CVS via the openbsd_3_4 patch branch.

For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.

All architectures

035: Security fix: December 13, 2004
On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket.
A source code patch exists which remedies this problem.

034: Reliability fix: November 10, 2004
Due to a bug in lynx(1) it is possible for pages such as this to cause lynx(1) to exhaust memory and then crash when parsing such pages.
A source code patch exists which remedies this problem.

033: Reliability fix: November 10, 2004
pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
A source code patch exists which remedies this problem.

032: Reliability fix: November 10, 2004
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
A source code patch exists which remedies this problem.

031: Security fix: September 20, 2004
Eilko Bos reported that RADIUS authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the RADIUS server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with RADIUS authentication enabled.
A source code patch exists which remedies this problem.

030: Security fix: September 16, 2004
Chris Evans reported several flaws (stack and integer overflows) in the XPM library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
A source code patch exists which remedies this problem.

029: Security fix: September 10, 2004
httpd(8)'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
A source code patch exists which remedies this problem.

028: Reliability fix: August 26, 2004
As reported by Vafa Izadinia, bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
A source code patch exists which remedies this problem.

027: Reliability fix: August 25, 2004
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
A source code patch exists which remedies this problem.

026: Reliability fix: Jul 25, 2004
Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
A source code patch exists which remedies this problem.

025: Security fix: June 12, 2004
Multiple vulnerabilities have been found in httpd(8) / mod_ssl. CAN-2003-0020, CAN-2003-0987, CAN-2004-0488, CAN-2004-0492.
A source code patch exists which remedies this problem.

024: Security fix: June 10, 2004
As disclosed by Thomas Walpuski, isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
A source code patch exists which remedies this problem.

023: Security fix: June 9, 2004
Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.

022: Security fix: May 30, 2004
A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see Heimdal's announcement.
A source code patch exists which remedies this problem.

021: Security fix: May 20, 2004
A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.

020: Security fix: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.

019: Reliability fix: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.

018: Reliability fix: May 5, 2004
Under load "recent model" gdt(4) controllers will lock up.
A source code patch exists which remedies this problem.

017: Security fix: May 5, 2004
Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
A source code patch exists which remedies this problem.

016: Reliability fix: March 17, 2004
A missing check for a null-pointer dereference has been found in ssl(3). A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
A source code patch exists which remedies this problem.

015: Reliability fix: March 17, 2004
Defects in the payload validation and processing functions of isakmpd(8) have been discovered. An attacker could send malformed ISAKMP messages and cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
A source code patch exists which remedies this problem.

014: Security fix: March 13, 2004
Due to a bug in the parsing of allow/deny rules for httpd(8)'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
A source code patch exists which remedies the problem.

013: Reliability fix: March 8, 2004
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could send out-of-order TCP segments and trick the system into using all available memory buffers.
A source code patch exists which remedies the problem.

012: Reliability fix: February 14, 2004
Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
A source code patch exists which remedies the problem.

011: Security fix: February 8, 2004
An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
A source code patch exists which remedies the problem.

010: Security fix: February 5, 2004
A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances.
A source code patch exists which remedies the problem.

009: Security fix: January 13, 2004
Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
A source code patch exists which remedies these problems.

008: Reliability fix: November 20, 2003
An improper bounds check makes it possible for a local user to cause a crash by passing the semctl(2) and semop(2) functions certain arguments.
A source code patch exists which remedies the problem.

007: Reliability fix: November 20, 2003
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
A source code patch exists which remedies the problem.

005: Reliability fix: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
A source code patch exists which remedies the problem.

004: Reliability fix: November 1, 2003
A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
A source code patch exists which remedies the problem.

003: Reliability fix: November 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
A source code patch exists which remedies the problem.

002: Security fix: November 1, 2003
The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
A source code patch exists which remedies the problem.

001: Documentation fix: November 1, 2003
The CD insert documentation has an incorrect example for package installation.
Where it is written:

    # pkg_add ftp://ftp.openbsd.org/pub/openbsd/3.4/packages/i386

it should instead read:

    # pkg_add ftp://ftp.openbsd.org/pub/openbsd/3.4/packages/i386/

The extra / at the end is important. We do not make patch files available for things printed on paper.

i386

006: Security fix: November 17, 2003
It may be possible for a local user to overrun the stack in compat_ibcs2(8). ProPolice catches this, turning a potential privilege escalation into a denial of service. iBCS2 emulation does not need to be enabled via sysctl(8) for this to happen.
A source code patch exists which remedies the problem.

alpha

No problems identified yet.

mac68k

No problems identified yet.

sparc

No problems identified yet.

sparc64

No problems identified yet.

hppa

No problems identified yet.

hp300

No problems identified yet.

mvme68k

No problems identified yet.

macppc

No problems identified yet.

vax

No problems identified yet.

www@openbsd.org
$openbsd: errata34.html,v 1.41 2007/09/07 22:45:17 merdely exp $
