forked from openbsd/www
-
Notifications
You must be signed in to change notification settings - Fork 0
/
errata23.html
390 lines (363 loc) · 14.7 KB
/
errata23.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 2.3 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata23.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
2.3 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="bootpd">
<strong>001: SECURITY FIX</strong>
<i>All architectures</i><br>
A remotely exploitable problem exists in bootpd(8). bootpd is disabled
by default, but some people may actually be using it.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch">
A source code patch exists which remedies this problem.</a>
This is the second version of the patch.
<p>
<li id="tcpfix">
<strong>002: SECURITY FIX</strong>
<i>All architectures</i><br>
A remote machine lockup problem exists in the TCP decoding code.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="atapi">
<strong>003: HARDWARE SUPPORT</strong>
<i>All architectures</i><br>
Some ATAPI cdroms which do not support the full mandatory command set,
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
A patch is
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/acd.patch">
available here.</a>
<p>
<li id="chpass">
<strong>004: SECURITY FIX</strong>
<i>All architectures</i><br>
Chpass(1) has a file descriptor leak which allows an
attacker to modify /etc/master.passwd.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch">
A source code patch exists which remedies this problem.</a>
For more details, see the
<a href="advisories/nai_28_chpass.txt">Network Associates advisory</a>.
<p>
<li id="resid">
<strong>005: RELIABILITY FIX</strong>
<i>All architectures</i><br>
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
kernel panic. This is the third revision of this patch.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="inetd">
<strong>006: SECURITY FIX</strong>
<i>All architectures</i><br>
Inetd had a file descriptor leak. A patch is
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch">
available here.</a>
<p>
<li id="unionfs">
<strong>007: BUG FIX</strong>
<i>All architectures</i><br>
As shipped, unionfs had some serious problems.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch">
A patch is available to solve this</a>.
<p>
<li id="fdalloc">
<strong>008: SECURITY FIX</strong>
<i>All architectures</i><br>
Some non-allocated file descriptors have implied uses according to
system libraries, and hence setuid and setgid processes should not
be executed with these descriptors unallocated. A patch which forces
setuid and setgid processes to have some descriptors in fd slots
0, 1, and 2 is
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch">
available here.</a>
<p>
<li id="resolver">
<strong>009: SECURITY FIX</strong>
<i>All architectures</i><br>
A benign looking buffer overflow in the resolver routines was re-introduced
accidentally. The previously fixed behaviour is more correct. A patch
to fix this is
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resolver.patch">
available here.</a>
<p>
<li id="xlib">
<strong>010: SECURITY FIX</strong>
<i>All architectures</i><br>
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
libraries. These affect xterm and all other setuid-root programs that
use these libraries. The problems are associated with buffer overflows
in code that processes user-supplied data. The Xt library problems
include those fixed in TOG's recent public patch 3 for X11R6.3. All
releases of XFree86 up to and including 3.3.2 patch 1 and the version
distributed with OpenBSD are vulnerable to some or all of these
problems.
These problems are fixed in XFree86 patch 2.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch">
The 2nd source patch</a> for these problems, specifically adapted to the
OpenBSD 2.3 X11 tree, is available now.
<p>
<li id="kill">
<strong>011: SECURITY FIX</strong>
<i>All architectures</i><br>
The kill(2) system call previously would permit a large set of signals to
be delivered to setuid or setgid processes. If such processes were using
those signals in dubious ways, this could have resulted in security
problems of various kinds.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch">
The fourth revision of a source code patch which solves the problem is
available.</a>
<p>
<li id="immutable">
<strong>012: SECURITY FIX</strong>
<i>All architectures</i><br>
A possible new security problem exists if you rely on securelevels and
immutable or append-only files or character devices. The fix does not
permit mmap'ing of immutable or append-only files which are otherwise
writable, as the VM system will bypass the meaning of the file flags
when writes happen to the file.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipsec">
<strong>013: SECURITY FIX</strong>
<i>All architectures</i><br>
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="xterm-xaw">
<strong>014: SECURITY FIX</strong>
<i>All architectures</i><br>
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in <b>xterm</b> related to the input-Method,
preeditType, and *Keymap resources. Additional buffer overruns exist in
the <b>Xaw</b> library related to the inputMethod and
preeditType resources. The xterm(1) problem represents a security
vulnerability for any platform where xterm is installed setuid-root
(as is the case for all OpenBSD platforms). The Xaw problem represents
a security vulnerability for any setuid-root program that uses the Xaw
library (including xterm). Patch1 from XFree86 3.3.2 corrects
these problems.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch">
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>.
We also provide tar files which replace the xterm(1) binary and the libXaw
libraries on your system. These are expected to be extracted in
<b>/usr/X11R6</b> using the command
<b>"tar xvfpz Xawfix.tgz"</b>.
The files are...
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz">mac68k</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz">
mvme68k</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz">hp300</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz">sparc</a>,
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz">pmax</a>,
and
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>.
<p>
<li id="pctr">
<strong>015: RELIABILITY FIX</strong><br>
The pctr(4) driver has bugs that permit any user to crash the machine,
if the CPU is not an Intel CPU. This problem has been properly fixed
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid
the problem, recompile your kernel without the pctr(4) device driver.
<p>
<li><strong>016: CORRUPTED FILE</strong><br>
The CD version of the precompiled ghostscript package is corrupted and
not installable. The correct file can be retrieved by FTP from:
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz">
https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>.
Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and
<i>sha1(1)</i> respectively) are:
<ul>
<li>725752890 3639338 ghostscript-5.10.tgz
<li>MD5 (ghostscript-5.10.tgz) = 3144ca814ad1965d671be2b7be3d3050
<li>SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
</ul>
<p>
<li id="pcvt">
<strong>017: RELIABILITY FIX</strong><br>
The pcvt(4) console driver has a bug that can cause some keyboard
controllers to lock up when a key is pressed that toggles the status
of a keyboard LED (scroll lock, caps lock, etc). The problem is
generally intermittent and the keyboard can be "unlocked" by unplugging
and plugging it back in.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li><strong>018: RELIABILITY FIX</strong><br>
The 2.3 release does not run reliably on the sun4m LX/LC machines
(ie. Sparc Classic).
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch">
A source code patch exists which remedies this problem.</a>
Two kernels which replace the ones in the release are also provided:
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd">bsd</a> and
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3">bsd.scsi3</a>.
Other replacements for the 2.3 install tools are
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>.
<p>
<li><strong>019: MINOR INCOMPATIBILITY</strong><br>
The AmigaOS patch
<a href="http://us.aminet.net/pub/aminet/util/sys/PoolMem.lha">PoolMem</a>
improves AmigaOS memory handling tremendously, but confuses loadbsd, which
grabs less memory from the system than is available. To work around the
problem, be sure to execute
<pre>
PoolMem remove
</pre>
right before running loadbsd. The next release of loadbsd will probably be
PoolMem-aware.
<p>
<li><strong>020: RELEASE WARNING</strong><br>
The XFree86 binary set shipped on the CD and FTP site are not the
exact final set that we shipped for the other releases. A few minor
changes, mostly in <b>xdm(1)</b> configuration, were made
after those binaries were made. Patches for this might come out later.
<p>
<li><strong>021: X11 RELEASE ERROR</strong><br>
The XFree86 binary set was linked with an older version of the C
library. To work around the problem, do the following as root.
<p>
<pre>
cd /usr/lib/
ln -s libc.so.18.0 libc.so.17
</pre>
<p>
<li><strong>022: X11 RELEASE ERROR</strong><br>
The X11R5 server used in this port does not understand the default
authorization types used by the X11R6 clients, which results in no
clients being able to connect to the server. To fix this
problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config.
<p>
<pre>
DisplayManager._0.authName: MIT-MAGIC-COOKIE-1
</pre>
<p>
<li><strong>023: INSTALLATION PROCESS FLAW</strong><br>
The pmax install does not correctly install the boot block.
To work around the problem, after the install program has finished, do
the following (assuming scsi id 0):
<p>
<pre>
disklabel rz0 > /tmp/label
disklabel -R -B rz0 /tmp/label
</pre>
<p>
<li><strong>024: RELEASE WARNING</strong><br>
The XFree86 binary set shipped on the CD and FTP site are not the
exact final set that we shipped for the other releases. A few minor
changes, mostly in <b>xdm(1)</b> configuration, were made
after those binaries were made. Patches for this might come out later.
<p>
<li><strong>025: X11 RELEASE ERROR</strong><br>
The XFree86 binary set was linked with an older version of the C
library. To work around the problem, do the following as root.
<p>
<pre>
cd /usr/lib/
ln -s libc.so.18.0 libc.so.17
</pre>
<p>
<li><strong>026: RELEASE WARNING</strong><br>
When you start the install an upgrade option is advertised but
there really is no such option.
<p>
<li><strong>027: RELEASE WARNING</strong><br>
When you start the install an upgrade option is advertised but
there really is no such option.
<p>
<li><strong>028: RELEASE WARNING</strong><br>
Unlabeled disks with weird geometries can panic the kernel.
A fix will be made available when 2.3 is out.
<p>
<li><strong>029: SECURITY FIX</strong><br>
The powerpc release shipped on the OpenBSD 2.3 CD does not contain
two late fixes applied late in the release cycle. The
<a href="errata22.html#rmjob">rmjob</a> and
<a href="errata22.html#uucpd">uucpd</a> patches should be applied to
the system if those subsystems are used.
<p>
</ul>
<hr>