http://www.vantronix.com/ OpenBSD Release Errata .vantronix en daily 1 1970-01-01T00:00+00:00 http://www.vantronix.com/ http://www.vantronix.com/pix/vantronix.png http://www.vantronix.com/support/errata/#errata39-023 OpenBSD 2007-04-26 An unhandled AltiVec assist exception can cause a kernel panic. A source code patch exists which remedies this problem. (http://www.openbsd.org/errata39.html#023_altivec) http://www.vantronix.com/support/errata/#errata39-022 OpenBSD 2007-04-23 IPv6 type 0 route headers can be used to mount a DoS attack against hosts and networks. This is a design flaw in IPv6 and not a bug in OpenBSD. A source code patch exists which remedies this problem. (http://www.openbsd.org/errata39.html#022_route6) http://www.vantronix.com/support/errata/#errata39-021 OpenBSD 2007-04-04 Multiple vulnerabilities have been discovered in X.Org. XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability, BDFFont parsing integer overflow vulnerability, fonts.dir file parsing integer overflow vulnerability, multiple integer overflows in the XGetPixel() and XInitImage functions in ImUtil.c. CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667. (http://www.openbsd.org/errata39.html#021_xorg) http://www.vantronix.com/support/errata/#errata39-020 OpenBSD 2007-03-07 2nd revision, March 17, 2007 Incorrect mbuf handling for ICMP6 packets. Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed. Use "block in inet6" in /etc/pf.conf (http://www.openbsd.org/errata39.html#m_dup1) http://www.vantronix.com/support/errata/#errata39-019 OpenBSD 2007-02-04 A US daylight saving time rules change takes effect in 2007. (http://www.openbsd.org/errata39.html#timezone) http://www.vantronix.com/support/errata/#errata39-018 OpenBSD 2007-01-16 Under some circumstances, processing an ICMP6 echo request would cause the kernel to enter an infinite loop. (http://www.openbsd.org/errata39.html#icmp6) http://www.vantronix.com/support/errata/#errata39-016 OpenBSD 2006-11-19 The ELF ld.so(1) fails to properly sanitize the environment. There is a potential localhost security problem in cases we have not found yet. This patch applies to all ELF-based systems (m68k, m88k, and vax are a.out-based systems). (http://www.openbsd.org/errata39.html#ldso) http://www.vantronix.com/support/errata/#errata39-015 OpenBSD 2006-10-12 Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found by Tavis Ormandy) that would cause sshd(8) to spin until the login grace time expired. An unsafe signal handler (found by Mark Dowd) that is vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. CVE-2006-4924, CVE-2006-5051 (http://www.openbsd.org/errata39.html#ssh) http://www.vantronix.com/support/errata/#errata39-014 OpenBSD 2006-10-07 Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support, found by Chris Evans. This could be exploited for DoS, limited kmem reads or local privilege escalation. (http://www.openbsd.org/errata39.html#systrace) http://www.vantronix.com/support/errata/#errata39-013 OpenBSD 2006-10-07 Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-2940 (http://www.openbsd.org/errata39.html#openssl2) http://www.vantronix.com/support/errata/#errata39-012 OpenBSD 2006-10-07 httpd(8) does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks. CVE-2006-3918 (http://www.openbsd.org/errata39.html#httpd2) http://www.vantronix.com/support/errata/#errata39-011 OpenBSD 2006-09-08 Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for an attacker to construct an invalid signature which OpenSSL would accept as a valid PKCS#1 v1.5 signature. CVE-2006-4339 (http://www.openbsd.org/errata39.html#openssl) http://www.vantronix.com/support/errata/#errata39-010 OpenBSD 2006-09-08 Two Denial of Service issues have been found with BIND. An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. CVE-2006-4095 CVE-2006-4096 (http://www.openbsd.org/errata39.html#bind) http://www.vantronix.com/support/errata/#errata39-009 OpenBSD 2006-09-02 Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an sppp(4) connection causing the kernel to panic. CVE-2006-4304 (http://www.openbsd.org/errata39.html#sppp) http://www.vantronix.com/support/errata/#errata39-008 OpenBSD 2006-08-25 A problem in isakmpd(8) caused IPsec to run partly without replay protection. If isakmpd(8) was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. An attacker could reinject sniffed IPsec packets, which will be accepted without checking the replay counter. (http://www.openbsd.org/errata39.html#isakmpd) http://www.vantronix.com/support/errata/#errata39-007 OpenBSD 2006-08-25 It is possible to cause the kernel to panic when more than the default number of sempahores have been allocated. (http://www.openbsd.org/errata39.html#sem) http://www.vantronix.com/support/errata/#errata39-006 OpenBSD 2006-08-25 Due to an off-by-one error in dhcpd(8), it is possible to cause dhcpd(8) to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. CVE-2006-3122 (http://www.openbsd.org/errata39.html#dhcpd) http://www.vantronix.com/support/errata/#errata39-005 OpenBSD 2006-08-25 A potential denial of service problem has been found in sendmail. A message with really long header lines could trigger a use-after-free bug causing sendmail to crash. (http://www.openbsd.org/errata39.html#sendmail3) http://www.vantronix.com/support/errata/#errata39-004 OpenBSD 2006-07-30 httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer overflow. The buffer overflow may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. The default install is not affected by the buffer overflow. CVE-2006-3747 (http://www.openbsd.org/errata39.html#httpd) http://www.vantronix.com/support/errata/#errata39-003 OpenBSD 2006-06-15 A potential denial of service problem has been found in sendmail. A malformed MIME message could trigger excessive recursion which will lead to stack exhaustion. This denial of service attack only affects delivery of mail from the queue and delivery of a malformed message. Other incoming mail is still accepted and delivered. However, mail messages in the queue may not be reattempted if a malformed MIME message exists. (http://www.openbsd.org/errata39.html#sendmail2) http://www.vantronix.com/support/errata/#errata39-002 OpenBSD 2006-05-02 A security vulnerability has been found in the X.Org server -- CVE-2006-1526. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server. (http://www.openbsd.org/errata39.html#xorg) http://www.vantronix.com/support/errata/#errata39-001 OpenBSD 2006-03-25 A race condition has been reported to exist in the handling by sendmail of asynchronous signals. A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. This is the second revision of this patch. (http://www.openbsd.org/errata39.html#sendmail)