mirror of https://github.com/openbsd/www.git
247 lines
8.4 KiB
HTML
247 lines
8.4 KiB
HTML
<!doctype html>
|
|
<html lang=en id=errata>
|
|
<meta charset=utf-8>
|
|
|
|
<title>OpenBSD 2.5 Errata</title>
|
|
<meta name="description" content="the OpenBSD CD errata page">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<link rel="stylesheet" type="text/css" href="openbsd.css">
|
|
<link rel="canonical" href="https://www.openbsd.org/errata25.html">
|
|
|
|
<!--
|
|
IMPORTANT REMINDER
|
|
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
|
|
-->
|
|
|
|
|
|
<h2 id=OpenBSD>
|
|
<a href="index.html">
|
|
<i>Open</i><b>BSD</b></a>
|
|
2.5 Errata
|
|
</h2>
|
|
<hr>
|
|
|
|
For errata on a certain release, click below:<br>
|
|
<a href="errata20.html">2.0</a>,
|
|
<a href="errata21.html">2.1</a>,
|
|
<a href="errata22.html">2.2</a>,
|
|
<a href="errata23.html">2.3</a>,
|
|
<a href="errata24.html">2.4</a>,
|
|
<a href="errata26.html">2.6</a>,
|
|
<a href="errata27.html">2.7</a>,
|
|
<a href="errata28.html">2.8</a>,
|
|
<a href="errata29.html">2.9</a>,
|
|
<a href="errata30.html">3.0</a>,
|
|
<a href="errata31.html">3.1</a>,
|
|
<a href="errata32.html">3.2</a>,
|
|
<a href="errata33.html">3.3</a>,
|
|
<a href="errata34.html">3.4</a>,
|
|
<a href="errata35.html">3.5</a>,
|
|
<a href="errata36.html">3.6</a>,
|
|
<br>
|
|
<a href="errata37.html">3.7</a>,
|
|
<a href="errata38.html">3.8</a>,
|
|
<a href="errata39.html">3.9</a>,
|
|
<a href="errata40.html">4.0</a>,
|
|
<a href="errata41.html">4.1</a>,
|
|
<a href="errata42.html">4.2</a>,
|
|
<a href="errata43.html">4.3</a>,
|
|
<a href="errata44.html">4.4</a>,
|
|
<a href="errata45.html">4.5</a>,
|
|
<a href="errata46.html">4.6</a>,
|
|
<a href="errata47.html">4.7</a>,
|
|
<a href="errata48.html">4.8</a>,
|
|
<a href="errata49.html">4.9</a>,
|
|
<a href="errata50.html">5.0</a>,
|
|
<a href="errata51.html">5.1</a>,
|
|
<a href="errata52.html">5.2</a>,
|
|
<br>
|
|
<a href="errata53.html">5.3</a>,
|
|
<a href="errata54.html">5.4</a>,
|
|
<a href="errata55.html">5.5</a>,
|
|
<a href="errata56.html">5.6</a>,
|
|
<a href="errata57.html">5.7</a>,
|
|
<a href="errata58.html">5.8</a>,
|
|
<a href="errata59.html">5.9</a>,
|
|
<a href="errata60.html">6.0</a>,
|
|
<a href="errata61.html">6.1</a>,
|
|
<a href="errata62.html">6.2</a>,
|
|
<a href="errata63.html">6.3</a>,
|
|
<a href="errata64.html">6.4</a>,
|
|
<a href="errata65.html">6.5</a>,
|
|
<a href="errata66.html">6.6</a>,
|
|
<a href="errata67.html">6.7</a>,
|
|
<a href="errata68.html">6.8</a>,
|
|
<br>
|
|
<a href="errata69.html">6.9</a>,
|
|
<a href="errata70.html">7.0</a>,
|
|
<a href="errata71.html">7.1</a>,
|
|
<a href="errata72.html">7.2</a>,
|
|
<a href="errata73.html">7.3</a>.
|
|
<hr>
|
|
|
|
<p>
|
|
Patches for the OpenBSD base system are distributed as unified diffs.
|
|
Each patch contains usage instructions.
|
|
All the following patches are also available in one
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5.tar.gz">tar.gz file</a>
|
|
for convenience.
|
|
|
|
<p>
|
|
Patches for supported releases are also incorporated into the
|
|
<a href="stable.html">-stable branch</a>.
|
|
|
|
<hr>
|
|
|
|
<ul>
|
|
|
|
<li id="cron">
|
|
<strong>001: SECURITY FIX: Aug 30, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
|
|
run sendmail as the user, not as root.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/012_cron.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="miscfs">
|
|
<strong>002: SECURITY FIX: Aug 12, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
The procfs and fdescfs filesystems had an overrun in their handling
|
|
of uio_offset in their readdir() routines. (These filesystems are not
|
|
enabled by default).
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/011_miscfs.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="profil">
|
|
<strong>003: SECURITY FIX: Aug 9, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Stop profiling (see profil(2)) when we execve() a new process.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/010_profil.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="ipsec_in_use">
|
|
<strong>004: SECURITY FIX: Aug 6, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Packets that should have been handled by IPsec may be transmitted
|
|
as cleartext. PF_KEY SA expirations may leak kernel resources.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/009_ipsec_in_use.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="rc">
|
|
<strong>005: SECURITY FIX: Aug 5, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
|
|
to use -execdir.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/008_rc.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="chflags">
|
|
<strong>006: SECURITY FIX: Jul 30, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Do not permit regular users to chflags(2) or fchflags(2) on character or
|
|
block devices which they may currently be the owner of.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/007_chflags.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="nroff">
|
|
<strong>007: SECURITY FIX: Jul 27, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
|
|
to avoid various groff features which may be security issues. On the
|
|
whole, this is not really a security issue, but it was discussed on
|
|
BUGTRAQ as if it is.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/006_nroff.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="fts">
|
|
<strong>008: RELIABILITY FIX: May 19, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Programs using fts(3) could dump core when given a directory structure
|
|
with a very large number of entries.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/005_fts.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="tcpsack">
|
|
<strong>009: RELIABILITY FIX: May 19, 1999</strong>
|
|
<i>All architectures</i><br>
|
|
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
|
|
failure to retransmit correctly.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/004_tcpsack.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="ipsec1">
|
|
<strong>010: RELIABILITY FIX</strong>
|
|
<i>All architectures</i><br>
|
|
Retransmitted TCP packets could get corrupted when flowing over an
|
|
IPSEC ESP tunnel.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/003_espdata.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="bmap">
|
|
<strong>011: RELIABILITY FIX</strong>
|
|
<i>All architectures</i><br>
|
|
A local user can crash the system by reading a file larger than 64meg
|
|
from an ext2fs partition.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/002_bmap.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="pfkey">
|
|
<strong>012: RELIABILITY FIX</strong>
|
|
<i>All architectures</i><br>
|
|
PF_KEY socket operations leak internal kernel resources, so that a
|
|
system running an IPsec key management daemon like photurisd or isakmpd
|
|
will cause the networking subsystem to stop working after a finite amount
|
|
of time.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/common/001_pfkey.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="y2k">
|
|
<strong>013: Y2K FIX: Aug 30, 1999</strong><br>
|
|
This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
|
|
release (released at 1 Dec 1999) has this problem solved. This patch is
|
|
just a workaround.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/014_y2k.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="brooktree">
|
|
<strong>014: RELIABILITY FIX</strong><br>
|
|
If a user opened the brooktree device on a system where it did not exist,
|
|
the kernel crashed.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/i386/013_brooktree.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
<li id="macutils">
|
|
<strong>015: INSTALL PROBLEM</strong><br>
|
|
The mac68k install utils were mistakenly left off the CD and out of
|
|
the FTP install directories. These tools have now been added to the
|
|
FTP install directories. See
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils">
|
|
https://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils</a>
|
|
<p>
|
|
|
|
<li id="powerpc_trap">
|
|
<strong>016: RELIABILITY FIX</strong><br>
|
|
Two problems in the powerpc kernel trap handling cause severe system
|
|
unreliability.
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.5/powerpc/001_trap.patch">
|
|
A source code patch exists which remedies this problem.</a>
|
|
<p>
|
|
|
|
</ul>
|
|
|
|
<hr>
|