=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.529 retrieving revision 1.530 diff -c -r1.529 -r1.530 *** www/errata.html 2005/03/30 17:18:51 1.529 --- www/errata.html 2005/03/30 18:07:08 1.530 *************** *** 75,85 ****

014: SECURITY FIX: March 30, 2005 All architectures
Due to buffer overflows in ! telnet(1) ! , a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking ! telnet(1) ! .
A source code patch exists which remedies this problem.
--- 75,86 ----

014: SECURITY FIX: March 30, 2005 All architectures
Due to buffer overflows in ! telnet(1), ! a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking ! telnet(1). ! (Noone should use telnet anymore. Please use ! ssh(1).
A source code patch exists which remedies this problem.
*************** *** 88,94 ****

013: RELIABILITY FIX: March 30, 2005 All architectures
Bugs in the ! tcp(4) stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
--- 89,95 ----

012: SECURITY FIX: March 16, 2005 amd64 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
--- 100,106 ----

012: SECURITY FIX: March 16, 2005 amd64 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
*************** *** 109,115 ****

011: SECURITY FIX: February 28, 2005 i386 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
--- 110,116 ----

011: SECURITY FIX: February 28, 2005 i386 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
*************** *** 119,125 ****

010: RELIABILITY FIX: January 11, 2005 All architectures
A bug in the ! tcp(4) stack allows an invalid argument to be used in calculating the TCP retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic. --- 120,126 ----

008: RELIABILITY FIX: January 6, 2005 All architectures
The ! getcwd(3) library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
--- 146,152 ----

007: SECURITY FIX: December 14, 2004 All architectures
On systems running ! isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ! ipsec(4) credentials on a socket.
--- 157,166 ----

006: RELIABILITY FIX: November 21, 2004 All architectures
Fix for transmit side breakage on macppc and mbuf leaks with ! xl(4).
A source code patch exists which remedies this problem.
--- 170,176 ----

005: RELIABILITY FIX: November 21, 2004 All architectures
Wrong calculation of NAT-D payloads may cause interoperability problems between ! isakmpd(8) and other ISAKMP/IKE implementations.
--- 179,185 ----

004: RELIABILITY FIX: November 10, 2004 All architectures
Due to a bug in ! lynx(1) it is possible for pages such as this to cause ! lynx(1) to exhaust memory and then crash when parsing such pages.
--- 189,199 ----

003: RELIABILITY FIX: November 10, 2004 All architectures
! pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
--- 202,208 ----

001: RELIABILITY FIX: November 10, 2004 All architectures
Fix detection of tape blocksize during device open. Corrects problem with ! restore(8).
A source code patch exists which remedies this problem.
--- 223,229 ----

www@openbsd.org !
$OpenBSD: errata.html,v 1.529 2005/03/30 17:18:51 brad Exp $ --- 257,263 ----

www@openbsd.org !
$OpenBSD: errata.html,v 1.530 2005/03/30 18:07:08 deraadt Exp $