.vantronix - .vantronix | secure systems GmbH (en)

.vantronix Products

Become a Partner

OpenBSD inside

Service & Support

OpenSourceTag 2006

Intelligent Networking

Errata

Security-, bug-, and maintenance-fixes are published in the .vantronix release errata. It is also possible to subscribe to the .vantronix ChangeLog and OpenBSD Errata XML feeds provided as RDF Site Summary files.

ChangeLog

4.0p6-012 MEDIUM CRITICAL UPDATE
3.9p5-015 CRITICAL UPDATE
3.9p5-012 MEDIUM CRITICAL UPDATE
3.9p5-011 CRITICAL UPDATE
3.9p5-005 CRITICAL UPDATE
3.9p5 MAINTENANCE UPDATE
3.9p4 MAINTENANCE UPDATE
3.9p3-004 CRITICAL UPDATE

2007-05-12	4.0p6-012 MEDIUM CRITICAL UPDATE
Sync with OpenBSD errata fixes, fix IPv6 security problems (already installed): SECURITY FIX 012, SECURITY FIX 010. RELIABILITY FIX 008. (Reyk Floeter)
2006-10-16	3.9p5-015 CRITICAL UPDATE
Upgrade to OpenSSH 4.4, sync with OpenBSD errata fixes: SECURITY FIX 015, SECURITY FIX 014. SECURITY FIX 013. (Reyk Floeter)
2006-09-28	3.9p5-012 MEDIUM CRITICAL UPDATE
httpd(8) did not sanitize the Expect header from an HTTP request when it was reflected back in an error message, which might allowed cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests. CVE-2006-3918 Addendum: OpenBSD errata fix is now available: SECURITY FIX 012. (Reyk Floeter)
2006-09-09	3.9p5-011 CRITICAL UPDATE
Sync with OpenBSD errata fixes: SECURITY FIX 011, SECURITY FIX 010. (Reyk Floeter)
2006-09-02	3.9p5-005 CRITICAL UPDATE
Sync with OpenBSD errata fixes: SECURITY FIX 009, SECURITY FIX 008, SECURITY FIX 007, SECURITY FIX 006, SECURITY FIX 005. (Reyk Floeter)
2006-08-08	3.9p5 MAINTENANCE UPDATE
Fix crash with "write export network" (closes #2006080310000012), add "service register" command for custom services, add "service pflog-agent" command for pflogd, special handling for network interfaces pflog0 and enc0, add "time zone" command and display the time zone in "show time", fix "interface shutdown" node handler. (Reyk Floeter)
2006-08-02	3.9p4 MAINTENANCE UPDATE
pf tables fixes (user configuration was denied due to a wrong flag). (Reyk Floeter)
2006-07-30	3.9p3-004 CRITICAL UPDATE
Sync with OpenBSD errata fix: SECURITY FIX 004. CLI maintenance updates: Add hostate-server, host-state and show host-states. (Reyk Floeter)

OpenBSD 4.0 Release Errata

2007-10-10	SECURITY FIX 017 (All architectures)
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow. (OpenBSD)
2007-10-08	SECURITY FIX 016 (All architectures)
Malicious DHCP clients could cause dhcpd(8) to corrupt its stack A DHCP client that claimed to require a maximum message size less than the minimum IP MTU could cause dhcpd(8) to overwrite stack memory. (OpenBSD)
2007-07-09	SECURITY FIX 015 (All Architectures)
Fix possible heap overflow in file(1), aka CVE-2007-1536. A source code patch exists which remedies this problem. (OpenBSD)
2007-05-09	STABILITY FIX 014 (All Architectures)
A malicious client can cause a division by zero. A source code patch exists which remedies this problem. (OpenBSD)
2007-04-26	STABILITY FIX 013 (PowerPC)
An unhandled AltiVec assist exception can cause a kernel panic. A source code patch exists which remedies this problem. (OpenBSD)
2007-04-23	SECURITY FIX 012 (All architectures)
IPv6 type 0 route headers can be used to mount a DoS attack against hosts and networks. This is a design flaw in IPv6 and not a bug in OpenBSD. A source code patch exists which remedies this problem. (OpenBSD)
2007-04-04	SECURITY FIX 011 (All architectures)
Multiple vulnerabilities have been discovered in X.Org. XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability, BDFFont parsing integer overflow vulnerability, fonts.dir file parsing integer overflow vulnerability, multiple integer overflows in the XGetPixel() and XInitImage functions in ImUtil.c. CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667. (OpenBSD)
2007-03-07	SECURITY FIX 010 (All architectures)
2nd revision, March 17, 2007 Incorrect mbuf handling for ICMP6 packets. Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed. Use "block in inet6" in /etc/pf.conf (OpenBSD)
2007-02-04	INTEROPERABILITY FIX 009 (All architectures)
A US daylight saving time rules change takes effect in 2007. (OpenBSD)
2007-01-16	RELIABILITY FIX 008 (All architectures)
Under some circumstances, processing an ICMP6 echo request would cause the kernel to enter an infinite loop. (OpenBSD)
2006-12-04	FTP DISTRIBUTION ERROR 006 (All architectures)
The src.tar.gz and ports.tar.gz archives released on FTP were created incorrectly, a week after the 4.0 release. The archives on the CD sets are correct; this only affects people who downloaded them from a mirror. (OpenBSD)
2006-11-19	SECURITY FIX 005 (All architectures)
The ELF ld.so(1) fails to properly sanitize the environment. There is a potential localhost security problem in cases we have not found yet. This patch applies to all ELF-based systems (m68k, m88k, and vax are a.out-based systems). (OpenBSD)
2006-11-07	RELIABILITY FIX 004 (All architectures)
Due to a bug in the arc(4) RAID driver the driver will not properly synchronize the cache to the logical volumes upon system shut down. The result being that the mounted file systems within the logical volumes will not be properly marked as being clean and fsck will be run for the subsequent boot up. (OpenBSD)
2006-11-04	SECURITY FIX 003 (All architectures)
Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support, found by Chris Evans. This could be exploited for DoS, limited kmem reads or local privilege escalation. (OpenBSD)
2006-11-04	SECURITY FIX 002 (All architectures)
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-2940 (OpenBSD)
2006-11-04	SECURITY FIX 001 (All architectures)
httpd(8) does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks. CVE-2006-3918 (OpenBSD)

OpenBSD 3.9 Release Errata

2007-04-26	STABILITY FIX 023 (PowerPC)
An unhandled AltiVec assist exception can cause a kernel panic. A source code patch exists which remedies this problem. (OpenBSD)
2007-04-23	SECURITY FIX 022 (All architectures)
IPv6 type 0 route headers can be used to mount a DoS attack against hosts and networks. This is a design flaw in IPv6 and not a bug in OpenBSD. A source code patch exists which remedies this problem. (OpenBSD)
2007-04-04	SECURITY FIX 021 (All architectures)
Multiple vulnerabilities have been discovered in X.Org. XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability, BDFFont parsing integer overflow vulnerability, fonts.dir file parsing integer overflow vulnerability, multiple integer overflows in the XGetPixel() and XInitImage functions in ImUtil.c. CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667. (OpenBSD)
2007-03-07	SECURITY FIX 020 (All architectures)
2nd revision, March 17, 2007 Incorrect mbuf handling for ICMP6 packets. Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed. Use "block in inet6" in /etc/pf.conf (OpenBSD)
2007-02-04	INTEROPERABILITY FIX 019 (All architectures)
A US daylight saving time rules change takes effect in 2007. (OpenBSD)
2007-01-16	RELIABILITY FIX 018 (All architectures)
Under some circumstances, processing an ICMP6 echo request would cause the kernel to enter an infinite loop. (OpenBSD)
2006-11-19	SECURITY FIX 016 (All architectures)
The ELF ld.so(1) fails to properly sanitize the environment. There is a potential localhost security problem in cases we have not found yet. This patch applies to all ELF-based systems (m68k, m88k, and vax are a.out-based systems). (OpenBSD)
2006-10-12	SECURITY FIX 015 (All architectures)
Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found by Tavis Ormandy) that would cause sshd(8) to spin until the login grace time expired. An unsafe signal handler (found by Mark Dowd) that is vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. CVE-2006-4924, CVE-2006-5051 (OpenBSD)
2006-10-07	SECURITY FIX 014 (All architectures)
Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support, found by Chris Evans. This could be exploited for DoS, limited kmem reads or local privilege escalation. (OpenBSD)
2006-10-07	SECURITY FIX 013 (All architectures)
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-2940 (OpenBSD)
2006-10-07	SECURITY FIX 012 (All architectures)
httpd(8) does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks. CVE-2006-3918 (OpenBSD)
2006-09-08	SECURITY FIX 011 (All architectures)
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for an attacker to construct an invalid signature which OpenSSL would accept as a valid PKCS#1 v1.5 signature. CVE-2006-4339 (OpenBSD)
2006-09-08	SECURITY FIX 010 (All architectures)
Two Denial of Service issues have been found with BIND. An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. CVE-2006-4095 CVE-2006-4096 (OpenBSD)
2006-09-02	SECURITY FIX 009 (All architectures)
Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an sppp(4) connection causing the kernel to panic. CVE-2006-4304 (OpenBSD)
2006-08-25	SECURITY FIX 008 (All architectures)
A problem in isakmpd(8) caused IPsec to run partly without replay protection. If isakmpd(8) was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. An attacker could reinject sniffed IPsec packets, which will be accepted without checking the replay counter. (OpenBSD)
2006-08-25	SECURITY FIX 007 (All architectures)
It is possible to cause the kernel to panic when more than the default number of sempahores have been allocated. (OpenBSD)
2006-08-25	SECURITY FIX 006 (All architectures)
Due to an off-by-one error in dhcpd(8), it is possible to cause dhcpd(8) to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. CVE-2006-3122 (OpenBSD)
2006-08-25	SECURITY FIX 005 (All architectures)
A potential denial of service problem has been found in sendmail. A message with really long header lines could trigger a use-after-free bug causing sendmail to crash. (OpenBSD)
2006-07-30	SECURITY FIX 004 (All architectures)
httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer overflow. The buffer overflow may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. The default install is not affected by the buffer overflow. CVE-2006-3747 (OpenBSD)
2006-06-15	SECURITY FIX 003 (All architectures)
A potential denial of service problem has been found in sendmail. A malformed MIME message could trigger excessive recursion which will lead to stack exhaustion. This denial of service attack only affects delivery of mail from the queue and delivery of a malformed message. Other incoming mail is still accepted and delivered. However, mail messages in the queue may not be reattempted if a malformed MIME message exists. (OpenBSD)
2006-05-02	SECURITY FIX 002 (All architectures)
A security vulnerability has been found in the X.Org server -- CVE-2006-1526. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server. (OpenBSD)
2006-03-25	SECURITY FIX 001 (All architectures)
A race condition has been reported to exist in the handling by sendmail of asynchronous signals. A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. This is the second revision of this patch. (OpenBSD)

deutsch

english