-
Notifications
You must be signed in to change notification settings - Fork 42
/
errata27.html
553 lines (503 loc) · 20.9 KB
/
errata27.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 2.7 Errata</title>
<meta name="description" content="the OpenBSD CD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata27.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
2.7 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<a href="errata36.html">3.6</a>,
<br>
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<a href="errata52.html">5.2</a>,
<br>
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<a href="errata68.html">6.8</a>,
<br>
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>,
<a href="errata76.html">7.6</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch contains usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7.tar.gz">tar.gz file</a>
for convenience.
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="ipf">
<strong>001: SECURITY FIX: May 25, 2000</strong>
<i>All architectures</i><br>
A misuse of ipf(8)
<i>keep-state</i> rules can result in firewall rules being bypassed.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/001_ipf.patch">
A source code patch exists which remedies this problem.</a>
It updates ipf to version 3.3.16.
<p>
<li id="ef">
<strong>002: DRIVER FIX: May 26, 2000</strong>
<i>All architectures</i><br>
The
<a href="https://man.openbsd.org/OpenBSD-2.7/ef.4">ef(4)</a>
driver will complain when adding an address with ifconfig
(ifconfig: SIOCAIFADDR: Invalid argument).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/002_ef.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="bridge">
<strong>003: SECURITY FIX: May 26, 2000</strong>
<i>All architectures</i><br>
It is possible to bypass the <i>learning</i> flag on an interface if frames
go directly to the machine acting as a
<a href="https://man.openbsd.org/OpenBSD-2.7/bridge.4">bridge</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/003_bridge.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="route">
<strong>004: RELIABILITY FIX: May 29, 2000</strong>
<i>All architectures</i><br>
Certain routing table modifications by the superuser could cause a system panic.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/004_route.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipopts">
<strong>005: RELIABILITY FIX: May 29, 2000</strong>
<i>All architectures</i><br>
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/005_ipopts.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="uselogin">
<strong>006: SECURITY FIX: June 6, 2000</strong>
<i>All architectures</i><br>
The non-default UseLogin feature in <b>/etc/sshd_config</b> is broken and should not
be used. On other operating systems, it results in a hole.<br>
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
<p>
<li id="cd9660">
<strong>007: RELIABILITY FIX: June 8, 2000</strong>
<i>All architectures</i><br>
NFS exporting of CD filesystems caused a system panic.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/007_cd9660.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="msdosfs">
<strong>008: RELIABILITY FIX: June 8, 2000</strong>
<i>All architectures</i><br>
Some operations in msdosfs could result in a system panic.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/008_msdosfs.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="isakmpd">
<strong>009: SECURITY FIX: June 9, 2000</strong>
<i>All architectures</i><br>
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/009_isakmpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="amiga_cd">
<strong>010: CD DISTRIBUTION ERROR: June 15, 2000</strong><br>
On the 2.7 CD media, the <b>amiga</b> distribution contains two pairs of archives
files for installation, ie:
<pre>
-rw-r--r-- 1 root mirftp 20191465 Apr 29 14:27 base27.tar.gz
-rw-r--r-- 1 root mirftp 20291753 May 13 19:33 base27.tgz
-rw-r--r-- 1 root mirftp 13699507 Apr 29 14:26 comp27.tar.gz
-rw-r--r-- 1 root mirftp 13748096 May 13 19:33 comp27.tgz
-rw-r--r-- 1 root mirftp 1005376 Apr 29 14:26 etc27.tar.gz
-rw-r--r-- 1 root mirftp 1010772 May 13 19:33 etc27.tgz
-rw-r--r-- 1 root mirftp 2755567 Apr 29 14:26 game27.tar.gz
-rw-r--r-- 1 root mirftp 2755624 May 13 19:33 game27.tgz
-rw-r--r-- 1 root mirftp 5002872 Apr 29 14:26 man27.tar.gz
-rw-r--r-- 1 root mirftp 5038896 May 13 19:33 man27.tgz
-rw-r--r-- 1 root mirftp 1684356 Apr 29 14:26 misc27.tar.gz
-rw-r--r-- 1 root mirftp 1684381 May 13 19:33 misc27.tgz
</pre>
The installation script will list ALL of these files. For proper
operation one should install the <b>*.tgz</b> versions, and deselect
the <b>*.tar.gz</b> versions.<br>
The FTP area sets do not suffer from this problem.
<p>
<li id="if_an">
<strong>011: DRIVER BUG: June 17, 2000</strong><br>
The <a href="https://man.openbsd.org/OpenBSD-2.7/an.4">an(4)</a>
Aironet Communications 4500/4800 IEEE 802.11DS driver has a bug which prevents
<a href="https://man.openbsd.org/OpenBSD-2.7/ancontrol.8">ancontrol(8)</a> from working correctly, instead causing a panic.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/011_an.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="dhclient">
<strong>012: SECURITY FIX: June 24, 2000</strong>
<i>All architectures</i><br>
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/012_dhclient.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="libedit">
<strong>013: SECURITY FIX: June 28, 2000</strong>
<i>All architectures</i><br>
libedit would check for a <b>.editrc</b> file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/013_libedit.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="pcvt">
<strong>014: DRIVER BUG: June 30, 2000</strong><br>
The PC console driver (PCVT) has two bugs. Display problems can result if
reverse video mode is turned on or off twice in a row. This patch also
fixes a problem with scrolling region handling that has been seen by many
users trying to use the BitchX irc client with the screen program.<br>
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/014_pcvt.patch">
A source code patch exists which remedies this problem.</a>
This is the second revision of the patch.
<p>
<li id="ste">
<strong>015: DRIVER BUG: June 30, 2000</strong><br>
The <a href="https://man.openbsd.org/OpenBSD-2.7/ste.4">ste(4)</a>
driver supporting Ethernet cards based on the Sundance ST201 chipset
(i.e., the D-Link 550TX) has a bug which causes the machine to panic at
boot-time.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/015_ste.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="xlhash">
<strong>016: DRIVER BUG: July 2, 2000</strong><br>
The <a href="https://man.openbsd.org/OpenBSD-2.7/xl.4">xl(4)</a>
driver supporting various 3com cards, had a bug which prevented the multicast
filter from working correctly on the 3c905B, thus preventing many IPv6 things
from working.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/i386/016_xlhash.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="screen">
<strong>017: INSTALLATION FIX: July 3, 2000</strong>
<i>All architectures</i><br>
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
name screen-3.9.5p1.tgz.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/ports/017_screen.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="mopd">
<strong>018: SECURITY FIX: July 5, 2000</strong>
<i>All architectures</i><br>
Mopd contained a buffer overflow.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ftpd2">
<strong>019: SECURITY FIX: July 5, 2000</strong>
<i>All architectures</i><br>
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/019_ftpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="pmax_msgbuf">
<strong>020: KERNEL BUG: July 10, 2000</strong><br>
As originally shipped, the pmax port would fail to install due to
<b>/kern/msgbuf</b> bugs.<br>
The necessary fixes have been merged,
and the binaries needed re-released on the FTP site.<br>
However, the 2.7 <b>srcsys.tar.gz</b> file has not been updated.<br>
If you recompile a kernel, you should use either the
<a href=stable.html>stable release source tree</a> or apply the
provided patch to a 2.7 source tree.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/pmax/020_pmax_msgbuf.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="X11_libs">
<strong>021: SECURITY FIX: July 14, 2000</strong>
<i>All architectures</i><br>
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.<p>
<ul>
<li><a href="http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-15&[email protected]">
Nasty X Server Dos</a><br>
This is fixed by the patch to <b>xc/programs/Xsever/os/secauth.c</b>.
<li><a href="http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&[email protected]">
Various nasty libX11 holes</a><br>
This is covered by the patches to <b>xc/lib/X11</b>.
<li><a href="http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&[email protected]">
libICE DoS</a><br>
This is covered by the patches to <b>xc/lib/ICE</b>.
<li><a href="http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=Pine.LNX.4.10.10004161835150.863-100000@localhost">
Server overflow</a><br>
This is covered by the patches to <b>xc/programs/Xserver/xkb</b>.
<br>
Note that the default OpenBSD install is not vulnerable to this, since
the XFree86 Xwrapper already has tests for bad arguments.
</ul>
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/021_X11_libs.patch">
A source code patch exists which remedies this problem.</a>
<b>Note 1:</b> tcl/tk is required to build X11 from source.<br>
<b>Note 2:</b> When re-building use the command
'make DESTDIR=/ build' or you will get an error in the last
step of the build (makewhatis). If you forget to set DESTDIR you can
ignore the build error. The whatis database will be rebuilt the next
time /etc/weekly runs.
<p>
<li id="mac68k_arandom">
<strong>022: INSTALLATION FIX: July 14, 2000</strong>
<br>
The MacOS installer shipped with OpenBSD 2.7 does not correctly make all
devices, specifically it does not make the <code>/dev/arandom</code> device
needed for the userland crypto such as ssh to work. The problem shows itself
when ssh-keygen fails to make RSA or DSA keys, resulting in messages like
<b>RSA-generate_keys failed</b> or <b>DSA-generate_keys failed</b>.
<br>
To work around this, once your machine is up and running run the following
commands as root:
<pre>
# cd /dev
# ./MAKEDEV arandom
</pre>
<p>
After doing this (and possibly installing one of the ssl27 packages),
reboot your machine and it will generate ssh keys correctly.
<p>
<li id="xlock">
<strong>023: SECURITY FIX: Aug 16, 2000</strong>
<i>All architectures</i><br>
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
<pre>
# chmod u-s /usr/X11R6/bin/xlock
</pre>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/023_xlock.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ipsec">
<strong>024: SECURITY FIX: Sep 18, 2000</strong>
<i>All architectures</i><br>
Bad ESP/AH packets could cause a crash under certain conditions.
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/024_ipsec.patch"><br>
A source code patch exists which remedies this problem.</a>
<p>
<li id="pw_error">
<strong>025: SECURITY FIX: Oct 3, 2000</strong>
<i>All architectures</i><br>
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
which disables its functionality, do
<pre>
# chmod u-s /usr/bin/chpass
</pre>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/025_pw_error.patch">
A source code patch exists which remedies this problem.</a>
For more details, see the
<a href="advisories/pw_error.txt">OpenBSD advisory</a>.
<p>
<li id="talkd">
<strong>026: SECURITY FIX: Oct 6, 2000</strong>
<i>All architectures</i><br>
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/026_talkd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="curses">
<strong>027: SECURITY FIX: Oct 6, 2000</strong>
<i>All architectures</i><br>
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
applications.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/027_curses.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="format_strings">
<strong>028: SECURITY FIX: Oct 6, 2000</strong>
<i>All architectures</i><br>
There are printf-style format string bugs in several privileged programs.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sendmail">
<strong>029: RELIABILITY FIX: Oct 9, 2000</strong>
<i>All architectures</i><br>
There is a non-exploitable buffer overflow in sendmail's test mode.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/029_sendmail.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="telnetd">
<strong>030: SECURITY FIX: Oct 10, 2000</strong>
<i>All architectures</i><br>
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/030_telnetd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="httpd">
<strong>031: SECURITY FIX: Oct 18, 2000</strong>
<i>All architectures</i><br>
Apache has several bugs in <code>mod_rewrite</code> and <code>mod_vhost_alias</code>
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
(These modules are not active by default).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/031_httpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="xtrans">
<strong>032: SECURITY FIX: Oct 26, 2000</strong>
<i>All architectures</i><br>
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
reported to the
<a href="http://www.securityfocus.com/archive/1/139436">BUGTRAQ</a>
mailing list.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/032_xtrans.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="execsubr">
<strong>033: RELIABILITY FIX: Nov 6, 2000</strong>
<i>All architectures</i><br>
Invalid fields in the exec header could cause a crash.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/033_execsubr.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="zsconsole">
<strong>034: RELIABILITY FIX: Nov 10, 2000</strong><br>
When running a sparc with a serial console, certain types of interrupts would
cause great grief.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/sparc/034_zsconsole.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sshforwarding">
<strong>035: SECURITY FIX: Nov 10, 2000</strong>
<i>All architectures</i><br>
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/035_sshforwarding.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="qe">
<strong>036: RELIABILITY FIX: Nov 17, 2000</strong><br>
Configuring a qec+qe causes a NMI panic.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/sparc/036_qe.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="ftpd">
<strong>037: SECURITY FIX: Dec 4, 2000</strong>
<i>All architectures</i><br>
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/037_ftpd.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="sudo">
<strong>039: SECURITY FIX: Feb 22, 2001</strong>
<i>All architectures</i><br>
There is an exploitable heap corruption bug in
<a href="https://man.openbsd.org/OpenBSD-2.7/sudo.8">sudo</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/038_named.patch">
A source code patch exists which remedies this problem.</a>
<p>
<li id="readline">
<strong>040: SECURITY FIX: Mar 18, 2001</strong>
<i>All architectures</i><br>
The readline library shipped with OpenBSD allows history files creation
with a permissive
<a href="https://man.openbsd.org/OpenBSD-2.7/umask.2">umask(2)</a>.
This can lead to the leakage of sensitive information in applications
that use passwords and the like during user interaction (one such
application is mysql). Additionally, if the HOME environment variable
is not set, the current working directory is used; this patch disables
the history file if HOME is not set.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/040_readline.patch">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>