OpenBSD 3.6 errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.533 retrieving revision 1.534 diff -c -r1.533 -r1.534 *** www/errata.html 2005/04/28 21:04:36 1.533 --- www/errata.html 2005/05/17 16:21:21 1.534 *************** *** 1,7 **** ! OpenBSD 3.6 errata --- 1,7 ---- ! OpenBSD 3.7 errata *************** *** 15,21 ****

! This is the OpenBSD 3.6 release errata & patch list:

--- 15,21 ----

! This is the OpenBSD 3.7 release errata & patch list:

*************** *** 38,48 **** 3.2, 3.3, 3.4, ! 3.5.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 38,49 ---- 3.2, 3.3, 3.4, ! 3.5, ! 3.6.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 54,255 **** consult the OpenBSD FAQ.

! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

! 016: SECURITY FIX: April 28, 2005 All architectures
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) ! . None of these issues are known to be exploitable. ! CAN-2005-0753 ! . !
! ! A source code patch exists which remedies this problem.
!
! !
! 015: RELIABILITY FIX: April 4, 2005 All architectures
! Handle an edge condition in ! tcp(4) ! timestamps. !
! ! A source code patch exists which remedies this problem.
!
! !
! 014: SECURITY FIX: March 30, 2005 All architectures
! Due to buffer overflows in ! telnet(1), ! a malicious server or man-in-the-middle attack could allow execution of ! arbitrary code with the privileges of the user invoking ! telnet(1). ! Noone should use telnet anymore. Please use ! ssh(1). !
! ! A source code patch exists which remedies this problem.
!
! !
! 013: RELIABILITY FIX: March 30, 2005 All architectures
! Bugs in the ! tcp(4) ! stack can lead to memory exhaustion or processing of TCP segments with ! invalid SACK options and cause a system crash. !
! ! A source code patch exists which remedies this problem.
!
! !
! 012: SECURITY FIX: March 16, 2005 amd64 only
! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse. !
! ! A source code patch exists which remedies this problem.
!
! !
! 011: SECURITY FIX: February 28, 2005 i386 only
! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse. !
! ! A source code patch exists which remedies this problem.
!
! !
! 010: RELIABILITY FIX: January 11, 2005 All architectures
! A bug in the ! tcp(4) ! stack allows an invalid argument to be used in calculating the TCP ! retransmit timeout. By sending packets with specific values in the TCP ! timestamp option, an attacker can cause a system panic. !
! ! A source code patch exists which remedies this problem.
!
! !
! 009: SECURITY FIX: January 12, 2005 All architectures
! httpd(8) ! 's mod_include module fails to properly validate the length of ! user supplied tag strings prior to copying them to a local buffer, ! causing a buffer overflow. !
! This would require enabling the XBitHack directive or server-side ! includes and making use of a malicious document. !
! ! A source code patch exists which remedies this problem.
!
! !
! 008: RELIABILITY FIX: January 6, 2005 All architectures
! The ! getcwd(3) ! library function contains a memory management error, which causes failure ! to retrieve the current working directory if the path is very long. !
! ! A source code patch exists which remedies this problem.
!
! !
! 007: SECURITY FIX: December 14, 2004 All architectures
! On systems running ! isakmpd(8) ! it is possible for a local user to cause kernel memory corruption ! and system panic by setting ! ipsec(4) ! credentials on a socket. !
! ! A source code patch exists which remedies this problem.
!
! !
! 006: RELIABILITY FIX: November 21, 2004 All architectures
! Fix for transmit side breakage on macppc and mbuf leaks with ! xl(4). !
! ! A source code patch exists which remedies this problem.
!
! !
! 005: RELIABILITY FIX: November 21, 2004 All architectures
! Wrong calculation of NAT-D payloads may cause interoperability problems between ! isakmpd(8) ! and other ISAKMP/IKE implementations. !
! ! A source code patch exists which remedies this problem.
! !
!
! 004: RELIABILITY FIX: November 10, 2004 All architectures
! Due to a bug in ! lynx(1) ! it is possible for pages such as ! this ! to cause ! lynx(1) ! to exhaust memory and then crash when parsing such pages. !
! ! A source code patch exists which remedies this problem.
!
! !
! 003: RELIABILITY FIX: November 10, 2004 All architectures
! pppd(8) ! contains a bug that allows an attacker to crash his own connection, but it cannot ! be used to deny service to other users. !
! ! A source code patch exists which remedies this problem.
!
! !
! 002: RELIABILITY FIX: November 10, 2004 All architectures
! BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in ! cases where IPv6 connectivity is non-existent. This results in unneccessary timeouts and ! thus slow DNS queries. !
! ! A source code patch exists which remedies this problem.
!
! !
! 001: RELIABILITY FIX: November 10, 2004 All architectures
! Fix detection of tape blocksize during device open. Corrects problem with ! restore(8). !
! ! A source code patch exists which remedies this problem.
!

--- 55,62 ---- consult the OpenBSD FAQ.

! There are no security patches for 3.7 at this time.
*************** *** 273,285 **** 3.2, 3.3, 3.4, ! 3.5.

www@openbsd.org !
$OpenBSD: errata.html,v 1.533 2005/04/28 21:04:36 brad Exp $ --- 80,93 ---- 3.2, 3.3, 3.4, ! 3.5, ! 3.6.

www@openbsd.org !
$OpenBSD: errata.html,v 1.534 2005/05/17 16:21:21 deraadt Exp $