-
Notifications
You must be signed in to change notification settings - Fork 41
/
errata24.html
363 lines (327 loc) · 12.1 KB
/
errata24.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 2.4 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata24.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
2.4 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>,
<a href="errata76.html">7.6</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="bmap">
<strong>001: RELIABILITY FIX</strong>
<i>All architectures</i><br>
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/bmap.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="lnpanic">
<strong>002: RELIABILITY FIX</strong>
<i>All architectures</i><br>
A local user can crash the system because of a bug in the vfs layer.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/lnpanic.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="poll">
<strong>003: SECURITY FIX</strong>
<i>All architectures</i><br>
A machine crash is possible when playing with poll(2).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/poll.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="nlink">
<strong>004: SECURITY FIX</strong>
<i>All architectures</i><br>
A machine crash is possible when playing with link(2) on FFS.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/nlink.patch">
A source code patch exists which remedies this problem.</a>
This is version four of the patch.
<p>
<li id="ping">
<strong>005: SECURITY FIX</strong>
<i>All architectures</i><br>
A buffer overflow existed in ping(8), which may have a security issue.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ping.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipqrace">
<strong>006: SECURITY FIX</strong>
<i>All architectures</i><br>
A race condition in IP ipq handling could permit a remote crash.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ipqrace.patch">
A source code patch exists which remedies this problem.</a>
<br>
It must be installed after <a href="errata24.html#maxqueue">the maxqueue patch</a>.
and <a href="errata24.html#tcpfix">the tcp decoding patch</a>.
<p>
<li id="accept">
<strong>007: SECURITY FIX</strong>
<i>All architectures</i><br>
A race condition existed between accept(2) and select(2) which could
permit an attacker to hang sockets from remote.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/accept.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="maxqueue">
<strong>008: SECURITY FIX</strong>
<i>All architectures</i><br>
IP fragment assembly can bog the machine excessively and cause problems.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/maxqueue.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="uio">
<strong>009: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
The readv(2) and writev(2) system calls would not accept a <em>struct iovec</em>
with an <b>iov_len</b> of 0. This causes a db test in perl to fail.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/uio.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="rst">
<strong>010: SECURITY FIX</strong>
<i>All architectures</i><br>
TCP/IP RST handling was too sloppy.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/rst.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="kvm_mkdb">
<strong>011: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate
memory".
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/kvm_mkdb.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="nfs3_solaris7">
<strong>012: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
A problem with writing to NFS version 3 mounted filesystems from Solaris 7
hosts exists. Attempts to create files will result in an error such as
"Inappropriate file type or format".
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/nfs3_solaris7.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="nfs3">
<strong>013: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
A problem with NFS version 3 mounts on big endian machines (m68k, sparc
and powerpc) exists when mounting filesystems larger than 2gig. You
can see evidence of the bug by running df(1) and checking for negative
partition sizes.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/nfs3.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="termcap">
<strong>014: SECURITY FIX</strong>
<i>All architectures</i><br>
A security problem exists in the curses and ocurses libraries that affect
setuid programs linked with -lcurses or -locurses.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/termcap.patch">
A source code patch exists which remedies this problem.</a>
<br>
Precompiled versions of libcurses and libocurses exist for the
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/curses.tar.gz">i386</a>
platform. Unpack it in /usr/lib.
<p>
<li id="terminfo">
<strong>015: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
A workaround for an xterm problem that causes <b>vi</b> to not
restore the correct cursor position on exit.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.src.patch">
A source code patch exists which remedies this problem.</a>
<br>
Alternately, you can also download a pre-compiled terminfo file to be
installed as <b>/usr/share/misc/terminfo.db</b>. For i386,
alpha and mips, use the
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.db-LE.tar.gz">
little endian</a> version. For sparc, m68k and powerpc, use the
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.db-BE.tar.gz">
big endian</a> version.
<p>
<li id="userdir">
<strong>016: FUNCTIONALITY FIX</strong>
<i>All architectures</i><br>
<b>userdir</b> support was accidentally left out of httpd(8).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/userdir.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="bootpd">
<strong>017: SECURITY FIX</strong>
<i>All architectures</i><br>
A remotely exploitable problem exists in bootpd(8). bootpd is disabled
by default, but some people may actually be using it.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/bootpd.patch">
A source code patch exists which remedies this problem.</a>
This is the second version of the patch.
<p>
<li id="tcpfix">
<strong>018: SECURITY FIX</strong>
<i>All architectures</i><br>
A remote machine lockup problem exists in the TCP decoding code.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/tcpfix.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="tss">
<strong>019: SECURITY FIX</strong><br>
This is another fix for a kernel crash caused by the
<b>crashme</b> program.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/tss.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="bootargv">
<strong>020: FUNCTIONALITY FIX</strong><br>
The kernel was using a fixed and hard-coded location for the arguments
vector passed from the <b>/boot</b> loader. This prevented
<b>/boot</b> from placing the boot arguments vector at any
other location, causing a kernel crash early in the autoconfiguration
stage. In 2.5, the bootblocks will be modified to use a new location.
Hence, if you wish old kernels to boot on a new bootblock, those
kernels will only work if they were linked with this patch.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/bootargv.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="trctrap">
<strong>021: SECURITY FIX</strong><br>
i386 trace-trap handling when DDB was configured could cause a system
crash.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/trctrap.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="installboot">
<strong>022: FUNCTIONALITY FIX</strong><br>
i386 installboot had a sign extension bug which prevented proper bootblock
initialization when the root filesystem was placed beyond 4GB.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/installboot.patch">
A source code patch exists which remedies this problem.</a>
Unfortunately, updated 2.4 install floppies are not available. Just ensure
that your root filesystem is below 4GB, for now.
<p>
<li id="hme">
<strong>023: DRIVER FIX</strong><br>
The sparc hme(4) and be(4) drivers work poorly on some types of SS-20
machines. This is because those machines lie, saying they support 64-bit DMA
bursting. No sun4m machines support that.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/sparc/hme.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="le">
<strong>024: DRIVER FIX</strong><br>
The sparc le(4) driver does media changes incorrectly on one type of
sbus le(4) card.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/sparc/le.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="hp300X">
<strong>025: FUNCTIONALITY FIX</strong><br>
The Xhp as shipped does not have the execute permissions set. The fix is
'chmod 755 /usr/X11R6/bin/Xhp' if you have installed X.
<p>
</ul>
<hr>