OpenBSD 3.4 errata
This is the OpenBSD 3.4 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2.
You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.
The patches below are available in CVS via the OPENBSD_3_4 patch branch.
For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.
All architectures
035: SECURITY FIX: December 13, 2004
On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket.
A source code patch exists which remedies this problem.
034: RELIABILITY FIX: November 10, 2004
Due to a bug in lynx(1) it is possible for pages such as this to cause lynx(1) to exhaust memory and then crash when parsing such pages.
A source code patch exists which remedies this problem.
033: RELIABILITY FIX: November 10, 2004
pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
A source code patch exists which remedies this problem.
032: RELIABILITY FIX: November 10, 2004
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
A source code patch exists which remedies this problem.
031: SECURITY FIX: September 20, 2004
Eilko Bos reported that RADIUS authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the RADIUS server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with RADIUS authentication enabled.
A source code patch exists which remedies this problem.
030: SECURITY FIX: September 16, 2004
Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
A source code patch exists which remedies this problem.
029: SECURITY FIX: September 10, 2004
httpd(8)'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
A source code patch exists which remedies this problem.
028: RELIABILITY FIX: August 26, 2004
As reported by Vafa Izadinia, bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
A source code patch exists which remedies this problem.
027: RELIABILITY FIX: August 25, 2004
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
A source code patch exists which remedies this problem.
026: RELIABILITY FIX: Jul 25, 2004
Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as an FPU related crash on boot up.
A source code patch exists which remedies this problem.
025: SECURITY FIX: June 12, 2004
Multiple vulnerabilities have been found in httpd(8) / mod_ssl: CAN-2003-0020, CAN-2003-0987, CAN-2004-0488, CAN-2004-0492.
A source code patch exists which remedies this problem.
024: SECURITY FIX: June 10, 2004
As disclosed by Thomas Walpuski, isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
A source code patch exists which remedies this problem.
023: SECURITY FIX: June 9, 2004
Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.
022: SECURITY FIX: May 30, 2004
A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see Heimdal's announcement.
A source code patch exists which remedies this problem.
021: SECURITY FIX: May 20, 2004
A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
A source code patch exists which remedies this problem.
020: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
019: RELIABILITY FIX: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
018: RELIABILITY FIX: May 5, 2004
Under load "recent model" gdt(4) controllers will lock up.
A source code patch exists which remedies this problem.
017: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
A source code patch exists which remedies this problem.
016: RELIABILITY FIX: March 17, 2004
A missing check for a NULL-pointer dereference has been found in ssl(3). A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
A source code patch exists which remedies this problem.
015: RELIABILITY FIX: March 17, 2004
Defects in the payload validation and processing functions of isakmpd(8) have been discovered. An attacker could send malformed ISAKMP messages and cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
A source code patch exists which remedies this problem.
014: SECURITY FIX: March 13, 2004
Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
A source code patch exists which remedies the problem.
013: RELIABILITY FIX: March 8, 2004
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could send out-of-order TCP segments and trick the system into using all available memory buffers.
A source code patch exists which remedies the problem.
012: RELIABILITY FIX: February 14, 2004
Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
A source code patch exists which remedies the problem.
011: SECURITY FIX: February 8, 2004
An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
A source code patch exists which remedies the problem.
010: SECURITY FIX: February 5, 2004
A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances.
A source code patch exists which remedies the problem.
009: SECURITY FIX: January 13, 2004
Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also includes a reliability fix for a file descriptor leak that causes problems when a crypto card is installed.
A source code patch exists which remedies these problems.
008: RELIABILITY FIX: November 20, 2003
An improper bounds check makes it possible for a local user to cause a crash by passing the semctl(2) and semop(2) functions certain arguments.
A source code patch exists which remedies the problem.
007: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
A source code patch exists which remedies the problem.
005: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
A source code patch exists which remedies the problem.
004: RELIABILITY FIX: November 1, 2003
A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
A source code patch exists which remedies the problem.
003: RELIABILITY FIX: November 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
A source code patch exists which remedies the problem.
002: SECURITY FIX: November 1, 2003
The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
A source code patch exists which remedies the problem.
001: DOCUMENTATION FIX: November 1, 2003
The CD insert documentation has an incorrect example for package installation. Where it is written:
# pkg_add ftp://ftp.openbsd.org/pub/openbsd/3.4/packages/i386
it should instead read:
# pkg_add ftp://ftp.openbsd.org/pub/openbsd/3.4/packages/i386/
The extra / at the end is important. We do not make patch files available for things printed on paper.
i386
006: SECURITY FIX: November 17, 2003
It may be possible for a local user to overrun the stack in compat_ibcs2(8). ProPolice catches this, turning a potential privilege escalation into a denial of service. iBCS2 emulation does not need to be enabled via sysctl(8) for this to happen.
A source code patch exists which remedies the problem.
alpha
No problems identified yet.
mac68k
No problems identified yet.
sparc
No problems identified yet.
sparc64
No problems identified yet.
hppa
No problems identified yet.
hp300
No problems identified yet.
mvme68k
No problems identified yet.
macppc
No problems identified yet.
vax
No problems identified yet.
www@openbsd.org
$OpenBSD: errata34.html,v 1.41 2007/09/07 22:45:17 merdely Exp $