-
Notifications
You must be signed in to change notification settings - Fork 42
/
Copy patherrata43.html
268 lines (244 loc) · 10.7 KB
/
errata43.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 4.3 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata43.html">
</head>
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<body bgcolor="#ffffff" text="#000000" link="#23238E">
<h2>
<a href="index.html">
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
<font color="#e00000">4.3 Errata</font>
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<a href="errata53.html">5.3</a>,
<br>
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="p013_pf">
<font color="#009000"><strong>013: RELIABILITY FIX: April 11, 2009</strong></font>
<i>All architectures</i><br>
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.
<br>
Restricting translation rules to protocols that are specific to the IP version
in use, is an effective workaround until the patch can be installed. As an
example, for IPv4 nat/binat/rdr rules you can use:
<pre>
nat/rdr ... inet proto { tcp udp icmp } ...
</pre>
Or for IPv6 nat/binat/rdr rules you can use:
<pre>
nat/rdr ... inet6 proto { tcp udp icmp6 } ...
</pre>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p012_openssl">
<font color="#009000"><strong>012: RELIABILITY FIX: April 8, 2009</strong></font>
<i>All architectures</i><br>
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
or under certain error conditions triggerable by invalid ASN.1 structures
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>).
These vulnerabilities could be exploited to achieve a
denial-of-service. A more detailed description of these problems is available
in the
<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error
Checking During CMS verification" relates to code not enabled in OpenBSD.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/012_openssl.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p011_sudo">
<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font>
<i>All architectures</i><br>
sudo(8) may allow a user listed in the sudoers file to run a command
as a different user than their access rule specifies when a Unix
group is used in the RunAs portion of the rule. The bug only manifests
when the user being granted privileges is also a member of the group
in the RunAs portion of the rule.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/011_sudo.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p010_bgpd">
<font color="#009000"><strong>010: RELIABILITY FIX: February 18, 2009</strong></font>
<i>All architectures</i><br>
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
the process to terminate because of the resulting corrupt path.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/010_bgpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p009_bgpd">
<font color="#009000"><strong>009: RELIABILITY FIX: January 30, 2009</strong></font>
<i>All architectures</i><br>
Upon reception of an invalid update with 4-byte AS attributes, bgpd -
adhering to the RFCs - closed the session to the neighbor.
This error in the specification allowed 3rd parties to close remote BGP
sessions.
In the worst case Internet connectivity could be lost.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/009_bgpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p008_bind">
<font color="#009000"><strong>008: SECURITY FIX: January 14, 2009</strong></font>
<i>All architectures</i><br>
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
signatures.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025">CVE-2009-0025</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/008_bind.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p007_openssl">
<font color="#009000"><strong>007: SECURITY FIX: January 9, 2009</strong></font>
<i>All architectures</i><br>
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
permitting a remote attacker to conduct a "man in the middle attack"
against SSL/TLS connections if the server is configured with a DSA or ECDSA
certificate.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077">CVE-2008-5077</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/007_openssl.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p006_ndp">
<font color="#009000"><strong>006: SECURITY FIX: October 2, 2008</strong></font>
<i>All architectures</i><br>
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests maybe allowing a nearby attacker to intercept traffic.
The attacker must have IPv6 connectivity to the same router as their target for
this vulnerability to be exploited.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p005_pcb">
<font color="#009000"><strong>005: RELIABILITY FIX: July 29, 2008</strong></font>
<i>All architectures</i><br>
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
enabled by default, this condition affects all systems.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/005_pcb.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p004_bind">
<font color="#009000"><strong>004: SECURITY FIX: July 23, 2008</strong></font>
<i>All architectures</i><br>
<strong>2nd revision, July 23, 2008</strong><br>
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/004_bind.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p003_xorg">
<font color="#009000"><strong>003: SECURITY FIX: July 15, 2008</strong></font>
<i>All architectures</i><br>
Multiple vulnerabilities have been discovered in X.Org.<br>
RENDER Extension heap buffer overflow,
RENDER Extension crash,
RENDER Extension memory corruption,
MIT-SHM arbitrary memory read,
RECORD and Security extensions memory corruption.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360">CVE-2008-2360</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361">CVE-2008-2361</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362">CVE-2008-2362</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/003_xorg.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p002_openssh2">
<font color="#009000"><strong>002: SECURITY FIX: April 3, 2008</strong></font>
<i>All architectures</i><br>
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
successfully.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/002_openssh2.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p001_openssh">
<font color="#009000"><strong>001: SECURITY FIX: March 30, 2008</strong></font>
<i>All architectures</i><br>
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) <em>ForceCommand</em>
directive was in effect, allowing users with write access to this file to
execute arbitrary commands. This behaviour was documented, but was an unsafe
default and an extra hassle for administrators.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>
</body>
</html>