OpenBSD Errata

006_dhcpd: RELIABILITY FIX

Wed, 19 Nov 2008 00:00:00 -0500

Due to changes in the options handling this caused problems with some DHCP clients such as Solaris/OpenSolaris and some embedded routers not accepting DHCP offers.
A source code patch exists which remedies this problem.

005_pglistalloc: RELIABILITY FIX

Fri, 07 Nov 2008 00:00:00 -0500

A software bug could cause memory allocation to cause a kernel panic accessing an array out of its bounds, when physical memory is exhausted.
A source code patch exists which remedies this problem.

004_httpd: RELIABILITY FIX

Thu, 06 Nov 2008 00:00:00 -0500

Fix httpd(8)'s mod_proxy module which is broken on 64-bit architectures. Due to the bug this will result in child processes crashing when utilizing proxy rules during an HTTP session.
A source code patch exists which remedies this problem.

003_tcpinput: RELIABILITY FIX

Thu, 06 Nov 2008 00:00:00 -0500

Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this can result in TCP connections between two IPs being reset instead of accepted if being received on a socket in the TIME_WAIT state.
A source code patch exists which remedies this problem.

002_vr: RELIABILITY FIX

Sun, 02 Nov 2008 00:00:00 -0400

Due to a bug in the vr(4) driver it is possible for a system using the vr(4) driver to panic under heavy load if the RX path runs out of mbufs.
A source code patch exists which remedies this problem.

001_ndp: SECURITY FIX

Sun, 02 Nov 2008 00:00:00 -0400

The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor solicitation requests maybe allowing a nearby attacker to intercept traffic. The attacker must have IPv6 connectivity to the same router as their target for this vulnerability to be exploited. CVE-2008-2476.
A source code patch exists which remedies this problem.