Saturday, November 22, 2003

Getting Used to Patching

Getting used to patching now, I guess. Not as scary as
it was in the beginning. Applied 2 patches tonight to
my old Toshiba laptop, still running OpenBSD 3.3, & I
know it won't be too long before I'll have to upgrade
the system when 3.5 comes out, but for now I'm putting
it off. They have moved from a.out to ELF & I hate the
thought of uninstalling so much stuff including the Bash
shell and then having to reinstall it all. I'll probably
wipe everything out & start over, & then get my old saved
stuff, email & so forth from backup. Below is the stuff I
copied from

http://www.securitytracker.com/alerts/2003/Nov/1008271.html

concerning the 2 patches applied tonight:

OpenBSD semctl() and semop() Bugs Let Local Users Crash
the System

Version(s): OpenBSD 3.3, 3.4
Description: A buffer overflow vulnerability was reported
in the OpenBSD semctl() and semop() functions. A local
user can cause the kernel to crash.

It is reported that a local user can supply specially
crafted arguments to the semctl(2) or semop(2) system
calls to cause the system to crash. The flaw is reportedly
due to improper bounds checking in 'sysv_sem.c'.
Impact: A local user can cause the system to crash.
Solution: OpenBSD has issued the following fixes:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch
Vendor URL: www.openbsd.org/
Cause: Boundary error
Underlying OS: UNIX (OpenBSD)
OS Comments: 3.3, 3.4
Message History: None.
========================
Date: Fri, 21 Nov 2003 00:15:18 -0500
Subject: OpenBSD bugs

 > 008: RELIABILITY FIX: November 20, 2003
 > An improper bounds check makes it possible for
 > a local user to cause a crash by passing the semctl(2)
 > and semop(2) functions certain arguments.
 > A source code patch exists which remedies the
 > problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch

 > 007: RELIABILITY FIX: November 20, 2003
 > It is possible for a local user to cause a crash
 > via sysctl(3) with certain arguments.
 > A source code patch exists which remedies the
 > problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/007_uvm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch