www/errata23.html - diff

Return to errata23.html CVS log

Up to [local] / www

Diff for /www/errata23.html between version 1.66 and 1.67

version 1.66, 2014/10/02 14:34:45

version 1.67, 2015/02/14 04:36:51

Line 81

<hr>

<ul>

SECURITY FIX

All architectures

A remotely exploitable problem exists in bootpd(8). bootpd is disabled

Line 90

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

SECURITY FIX

All architectures

A remote machine lockup problem exists in the TCP decoding code.

A source code patch exists which remedies this problem.</a>

HARDWARE SUPPORT

All architectures

Some ATAPI cdroms which do not support the full mandatory command set,

Line 106

available here.</a>

SECURITY FIX

All architectures

Chpass(1) has a file descriptor leak which allows an

Line 114

A source code patch exists which remedies this problem.</a>

RELIABILITY FIX

All architectures

Calling readv(2) with iov_len < 0 or > INT_MAX would result in a

Line 122

A source code patch exists which remedies this problem.</a>

SECURITY FIX

All architectures

Inetd had a file descriptor leak. A patch is

available here.</a>

BUG FIX

All architectures

As shipped, unionfs had some serious problems.

A patch is available to solve this</a>.

SECURITY FIX

All architectures

Some non-allocated file descriptors have implied uses according to

Line 147

available here.</a>

SECURITY FIX

All architectures

A benign looking buffer overflow in the resolver routines was re-introduced

Line 156

available here.</a>

SECURITY FIX

All architectures

Vulnerabilities have been found in the X11, Xt, Xaw and Xmu

Line 172

The 2nd source patch</a> for these problems, specifically adapted to the

OpenBSD 2.3 X11 tree, is available now.

SECURITY FIX

All architectures

The kill(2) system call previously would permit a large set of signals to

Line 183

The fourth revision of a source code patch which solves the problem is

available.</a>

SECURITY FIX

All architectures

A possible new security problem exists if you rely on securelevels and

Line 194

A source code patch exists which remedies this problem.</a>

SECURITY FIX

All architectures

If IPSEC communication is attempted by starting photurisd(8) (which is

Line 203

A source code patch exists which remedies this problem.</a>

<li>SECURITY FIX

SECURITY FIX

All architectures

As stated in CERT advisory VB-98.04, there are buffer

overrun problems in xterm related to the input-Method,

Line 234

and

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>.

RELIABILITY FIX

The pctr(4) driver has bugs that permit any user to crash the machine,

if the CPU is not an Intel CPU. This problem has been properly fixed

Line 254

<li>SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c

</ul>

<li>RELIABILITY FIX

RELIABILITY FIX

The pcvt(4) console driver has a bug that can cause some keyboard

controllers to lock up when a key is pressed that toggles the status

of a keyboard LED (scroll lock, caps lock, etc). The problem is