-
Notifications
You must be signed in to change notification settings - Fork 42
/
errata26.html
344 lines (310 loc) · 12.5 KB
/
errata26.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 2.6 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata26.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
2.6 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>,
<a href="errata76.html">7.6</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="newsyslog">
<strong>001: RELIABILITY FIX: Nov 8, 1999</strong>
<i>All architectures</i><br>
A race condition in newsyslog(8) can cause errors in log file rotation.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ifmedia">
<strong>002: SECURITY FIX: Nov 9, 1999</strong>
<i>All architectures</i><br>
Any user can change interface media configurations.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="m4">
<strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong>
<i>All architectures</i><br>
m4 is quite broken in the 2.6 release.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch">
A source code patch exists which remedies this problem.</a>
This is the 3rd revision of the patch.
<p>
<li id="sparc_locore">
<strong>004: RELIABILITY FIX: Nov 12, 1999</strong>
<i>sparc only</i><br>
The sparc kernel can be crashed by a user.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sshjumbo">
<strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong>
<i>All architectures</i><br>
Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
To resolve the various (non-security related) features which users may want,
we are making a jumbo patch available. <b>This is now at VERSION FOUR.</b><br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch">
Revision 4 of this jumbo source code patch exists.</a><br>
<b>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</b>
<p>
<li id="alpha_locore">
<strong>006: RELIABILITY FIX: Nov 13, 1999</strong>
<i>alpha only</i><br>
The alpha kernel can possibly be crashed by a user.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="hp300_locore">
<strong>007: RELIABILITY FIX: Nov 12, 1999</strong>
<i>m68k architectures</i><br>
All m68k kernels can possibly be crashed by a user.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="atapijumbo">
<strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong>
<i>All architectures</i><br>
Various improvements have been made to the IDE/ATAPI subsystem since
the 2.6 release shipped.<br>
Some of these improvements make some recalcitrant devices work much better.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br>
Revision 1 of this jumbo source code patch exists.</a><br>
<p>
<li id="sendmail">
<strong>010: SECURITY FIX: Dec 4, 1999</strong>
<i>All architectures</i><br>
Sendmail had a race in aliases file handling, which this patch fixes.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="poll">
<strong>011: SECURITY FIX: Dec 4, 1999</strong>
<i>All architectures</i><br>
Various bugs in poll(2) may cause a kernel crash.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="packets3c900b">
<strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong>
<i>All architectures</i><br>
The 3C900B-TPO fails to select the correct media type (it never sees or
sends packets).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="addusery2k">
<strong>013: Y2K FIX: Jan 3, 2000</strong>
<i>All architectures</i><br>
A minor problem in the logging support for the adduser(8) command.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="eepromy2k">
<strong>014: Y2K FIX: Jan 3, 2000</strong><br>
A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
A source code patch exists which remedies this problem.</a>
This is the second revision of the patch.
<p>
<li id="aty2k">
<strong>015: Y2K FIX: Jan 9, 2000</strong>
<i>All architectures</i><br>
The at(1) command was unable to parse some kinds of dates.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sslUSA">
<strong>016: SECURITY FIX: Dec 2, 1999</strong>
<i>All architectures</i><br>
A buffer overflow in the RSAREF code included in the
USA version of the libssl package (called <b>sslUSA</b>, is
possibly exploitable in isakmpd if SSL/RSA features
are enabled or used.<br>
<a href="https://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not
vulnerable.<br>
<b>NOTE: International users using the ssl26 package are not affected.</b>
<p>
To check what package you are using, use
<pre>
<b>#</b> pkg_info sslUSA26
</pre>
The patched library says:<br>
"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
<p>
Non-commercial USA users who installed the ssl package before December 3
should upgrade their <b>sslUSA26</b> package using:<br>
<pre>
<b>#</b> pkg_delete sslUSA26
<b>#</b> pkg_add -v sslUSA26.tar.gz
</pre>
Using the new <b>sslUSA26.tar.gz</b> files which have been placed
on the FTP mirrors.<br>
<a href="advisories/sslUSA">For more information, see the advisory</a>.<br>
<b>NOTE: this problem turned out to not be unexploitable in OpenSSH.</b>
<p>
<li id="fortran">
<strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong>
<i>All architectures</i><br>
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the
release.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
A source code patch exists which remedies this problem.</a>
The patch fixes the source tree and describes how to properly add
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
the include file</a> to your system.
<p>
<li id="procfs">
<strong>018: SECURITY FIX: Jan 20, 2000</strong>
<i>All architectures</i><br>
Systems running with procfs enabled and mounted are vulnerable
to having the stderr output of setuid processes directed onto
a pre-seeked descriptor onto the stack in their own procfs memory.<br>
Note that procfs is not mounted by default in OpenBSD.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="syslog">
<strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong>
<i>All architectures</i><br>
syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
would cause syslogd(8) to not see new messages.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="nsphy">
<strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong>
<i>All architectures</i><br>
Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
negotiating and maintaining 100Mb link integrity.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="rzsz">
<strong>021: RZSZ SNOOPING: Jan 31, 2000</strong>
<i>All architectures</i><br>
The rzsz port was removed from the ports collection, as it collects and
sends user information to a designated email address, effectively spying on
you. <em>It is recommended that you remove this package if you installed
it</em>.
<p>
<li id="xlockmore">
<strong>022: SECURITY FIX: May 25, 2000</strong>
<i>All architectures</i><br>
xlockmore has a localhost attack against it which allows recovery of the encrypted
hash of the root password. The damage to systems using DES passwords from this
attack is pretty heavy, but to systems with a well-chosen root password under
blowfish encoding
(see <a href="https://man.openbsd.org/OpenBSD-2.6/crypt.3">
crypt(3)</a>)
the impact is much reduced.<br>
(Aside: We do not consider this a localhost root hole in the default install,
since we have not seen a fast blowfish cracker yet ;-)<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/022_xlockmore.patch">
A source code patch exists which remedies this problem.</a>
This is the 2nd patch designed to solve this problem.
<p>
<li id="ipf">
<strong>023: SECURITY FIX: May 25, 2000</strong>
<i>All architectures</i><br>
A misuse of ipf(8)
<i>keep-state</i> rules can result in firewall rules being
bypassed.
This patch also includes fixes for an unaligned timestamp issue,
and reliability fixes for ipmon and the in-kernel ftp proxy.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/023_ipf.patch">
A source code patch exists which remedies this problem.</a>
It updates ipf to version 3.3.16.
<p>
<li id="semconfig">
<strong>024: SECURITY FIX: May 26, 2000</strong>
<i>All architectures</i><br>
Kernel contained an undocumented system call used to lock semaphore operations
while they were being sampled by the ipcs(1) command. This locking could be
used as a local denial of service attack which would block the exiting of
processes which had semaphore resources allocated. Processes not using
semaphores are not affected, so the actual effect is very minimal.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/024_sysv_sem.patch">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>