=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata23.html,v retrieving revision 1.63 retrieving revision 1.64 diff -c -r1.63 -r1.64 *** www/errata23.html 2014/03/31 04:11:40 1.63 --- www/errata23.html 2014/03/31 16:02:48 1.64 *************** *** 77,83 ****

! SECURITY FIX All architectures
A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. --- 77,84 ----
- ! SECURITY FIX ! All architectures
  A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. *************** *** 85,97 **** This is the second version of the patch.
- ! SECURITY FIX All architectures
  A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
- ! HARDWARE SUPPORT All architectures
  Some ATAPI cdroms which do not support the full mandatory command set, (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. A patch is --- 86,100 ---- This is the second version of the patch.
- ! SECURITY FIX ! All architectures
  A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
- ! HARDWARE SUPPORT ! All architectures
  Some ATAPI cdroms which do not support the full mandatory command set, (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. A patch is *************** *** 99,131 **** available here.
- ! SECURITY FIX All architectures
  Chpass(1) has a file descriptor leak which allows an attacker to modify /etc/master.passwd. A source code patch exists which remedies this problem.
- ! RELIABILITY FIX All architectures
  Calling readv(2) with iov_len < 0 or > INT_MAX would result in a kernel panic. This is the third revision of this patch. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  Inetd had a file descriptor leak. A patch is available here.
- ! BUG FIX All architectures
  As shipped, unionfs had some serious problems. A patch is available to solve this.
- ! SECURITY FIX All architectures
  Some non-allocated file descriptors have implied uses according to system libraries, and hence setuid and setgid processes should not be executed with these descriptors unallocated. A patch which forces --- 102,139 ---- available here.
- ! SECURITY FIX ! All architectures
  Chpass(1) has a file descriptor leak which allows an attacker to modify /etc/master.passwd. A source code patch exists which remedies this problem.
- ! RELIABILITY FIX ! All architectures
  Calling readv(2) with iov_len < 0 or > INT_MAX would result in a kernel panic. This is the third revision of this patch. A source code patch exists which remedies this problem.
- ! SECURITY FIX ! All architectures
  Inetd had a file descriptor leak. A patch is available here.
- ! BUG FIX ! All architectures
  As shipped, unionfs had some serious problems. A patch is available to solve this.
- ! SECURITY FIX ! All architectures
  Some non-allocated file descriptors have implied uses according to system libraries, and hence setuid and setgid processes should not be executed with these descriptors unallocated. A patch which forces *************** *** 135,141 **** available here.
- ! SECURITY FIX All architectures
  A benign looking buffer overflow in the resolver routines was re-introduced accidentally. The previously fixed behaviour is more correct. A patch to fix this is --- 143,150 ---- available here.
- ! SECURITY FIX ! All architectures
  A benign looking buffer overflow in the resolver routines was re-introduced accidentally. The previously fixed behaviour is more correct. A patch to fix this is *************** *** 143,149 **** available here.
- ! SECURITY FIX All architectures
  Vulnerabilities have been found in the X11, Xt, Xaw and Xmu libraries. These affect xterm and all other setuid-root programs that use these libraries. The problems are associated with buffer overflows --- 152,159 ---- available here.
- ! SECURITY FIX ! All architectures
  Vulnerabilities have been found in the X11, Xt, Xaw and Xmu libraries. These affect xterm and all other setuid-root programs that use these libraries. The problems are associated with buffer overflows *************** *** 158,164 **** OpenBSD 2.3 X11 tree, is available now.
- ! SECURITY FIX All architectures
  The kill(2) system call previously would permit a large set of signals to be delivered to setuid or setgid processes. If such processes were using those signals in dubious ways, this could have resulted in security --- 168,175 ---- OpenBSD 2.3 X11 tree, is available now.
- ! SECURITY FIX ! All architectures
  The kill(2) system call previously would permit a large set of signals to be delivered to setuid or setgid processes. If such processes were using those signals in dubious ways, this could have resulted in security *************** *** 168,174 **** available.
- ! SECURITY FIX All architectures
  A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise --- 179,186 ---- available.
- ! SECURITY FIX ! All architectures
  A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise *************** *** 178,184 **** A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. --- 190,197 ---- A source code patch exists which remedies this problem.
- ! SECURITY FIX ! All architectures
  If IPSEC communication is attempted by starting photurisd(8) (which is disabled by default), a system crash may be evoked from remote if an attacker uses some classes of invalid packets. *************** *** 186,192 **** A source code patch exists which remedies this problem.
  !
- SECURITY FIX All architectures
  As stated in CERT advisory VB-98.04, there are buffer overrun problems in xterm related to the input-Method, preeditType, and *Keymap resources. Additional buffer overruns exist in --- 199,206 ---- A source code patch exists which remedies this problem.
  !
- SECURITY FIX ! All architectures
  As stated in CERT advisory VB-98.04, there are buffer overrun problems in xterm related to the input-Method, preeditType, and *Keymap resources. Additional buffer overruns exist in