=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata24.html,v retrieving revision 1.46 retrieving revision 1.47 diff -c -r1.46 -r1.47 *** www/errata24.html 2010/03/08 21:53:37 1.46 --- www/errata24.html 2010/07/08 19:00:07 1.47 *************** *** 53,59 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 53,59 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 69,106 **** RELIABILITY FIX
A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

RELIABILITY FIX
A local user can crash the system because of a bug in the vfs layer. ! A source code patch exists which remedies this problem.

SECURITY FIX
A machine crash is possible when playing with poll(2). ! A source code patch exists which remedies this problem.

SECURITY FIX
A machine crash is possible when playing with link(2) on FFS. ! A source code patch exists which remedies this problem. This is version four of the patch.

SECURITY FIX
A buffer overflow existed in ping(8), which may have a security issue. ! A source code patch exists which remedies this problem.

SECURITY FIX
A race condition in IP ipq handling could permit a remote crash. ! A source code patch exists which remedies this problem. It must be installed after the maxqueue patch. and the tcp decoding patch. --- 69,106 ---- RELIABILITY FIX
A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

RELIABILITY FIX
A local user can crash the system because of a bug in the vfs layer. ! A source code patch exists which remedies this problem.

SECURITY FIX
A machine crash is possible when playing with poll(2). ! A source code patch exists which remedies this problem.

SECURITY FIX
A machine crash is possible when playing with link(2) on FFS. ! A source code patch exists which remedies this problem. This is version four of the patch.

SECURITY FIX
A buffer overflow existed in ping(8), which may have a security issue. ! A source code patch exists which remedies this problem.

SECURITY FIX
A race condition in IP ipq handling could permit a remote crash. ! A source code patch exists which remedies this problem. It must be installed after the maxqueue patch. and the tcp decoding patch. *************** *** 109,141 **** SECURITY FIX
A race condition existed between accept(2) and select(2) which could permit an attacker to hang sockets from remote. ! A source code patch exists which remedies this problem.

SECURITY FIX
IP fragment assembly can bog the machine excessively and cause problems. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
The readv(2) and writev(2) system calls would not accept a struct iovec with an iov_len of 0. This causes a db test in perl to fail. ! A source code patch exists which remedies this problem.

SECURITY FIX
TCP/IP RST handling was too sloppy. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate memory". ! A source code patch exists which remedies this problem.

--- 109,141 ---- SECURITY FIX
A race condition existed between accept(2) and select(2) which could permit an attacker to hang sockets from remote. ! A source code patch exists which remedies this problem.

SECURITY FIX
IP fragment assembly can bog the machine excessively and cause problems. ! A source code patch exists which remedies this problem.

SECURITY FIX
TCP/IP RST handling was too sloppy. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate memory". ! A source code patch exists which remedies this problem.

*************** *** 143,149 **** A problem with writing to NFS version 3 mounted filesystems from Solaris 7 hosts exists. Attempts to create files will result in an error such as "Inappropriate file type or format". ! A source code patch exists which remedies this problem.

--- 143,149 ---- A problem with writing to NFS version 3 mounted filesystems from Solaris 7 hosts exists. Attempts to create files will result in an error such as "Inappropriate file type or format". ! A source code patch exists which remedies this problem.

*************** *** 152,204 **** and powerpc) exists when mounting filesystems larger than 2gig. You can see evidence of the bug by running df(1) and checking for negative partition sizes. ! A source code patch exists which remedies this problem.

SECURITY FIX
A security problem exists in the curses and ocurses libraries that affect setuid programs linked with -lcurses or -locurses. ! A source code patch exists which remedies this problem.
Precompiled versions of libcurses and libocurses exist for the ! i386 platform. Unpack it in /usr/lib.

FUNCTIONALITY FIX
A workaround for an xterm problem that causes vi to not restore the correct cursor position on exit. ! A source code patch exists which remedies this problem.
Alternately, you can also download a pre-compiled terminfo file to be installed as /usr/share/misc/terminfo.db. For i386, alpha and mips, use the ! little endian version. For sparc, m68k and powerpc, use the ! big endian version.

FUNCTIONALITY FIX
userdir support was accidentally left out of httpd(8). ! A source code patch exists which remedies this problem.

SECURITY FIX
A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. ! A source code patch exists which remedies this problem, this is the second version of the patch.

SECURITY FIX
A remote machine lockup problem exists in the TCP decoding code. ! A source code patch exists which remedies this problem.

--- 152,204 ---- and powerpc) exists when mounting filesystems larger than 2gig. You can see evidence of the bug by running df(1) and checking for negative partition sizes. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
userdir support was accidentally left out of httpd(8). ! A source code patch exists which remedies this problem.

SECURITY FIX
A remote machine lockup problem exists in the TCP decoding code. ! A source code patch exists which remedies this problem.

*************** *** 209,215 **** SECURITY FIX
This is another fix for a kernel crash caused by the crashme program. ! A source code patch exists which remedies this problem.

--- 209,215 ---- SECURITY FIX
This is another fix for a kernel crash caused by the crashme program. ! A source code patch exists which remedies this problem.

*************** *** 221,241 **** stage. In 2.5, the bootblocks will be modified to use a new location. Hence, if you wish old kernels to boot on a new bootblock, those kernels will only work if they were linked with this patch. ! A source code patch exists which remedies this problem.

SECURITY FIX
i386 trace-trap handling when DDB was configured could cause a system crash. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
i386 installboot had a sign extension bug which prevented proper bootblock initialization when the root filesystem was placed beyond 4GB. ! A source code patch exists which remedies this problem.
Unfortunately, updated 2.4 install floppies are not available. Just ensure that your root filesystem is below 4GB, for now. --- 221,241 ---- stage. In 2.5, the bootblocks will be modified to use a new location. Hence, if you wish old kernels to boot on a new bootblock, those kernels will only work if they were linked with this patch. ! A source code patch exists which remedies this problem.

SECURITY FIX
i386 trace-trap handling when DDB was configured could cause a system crash. ! A source code patch exists which remedies this problem.

FUNCTIONALITY FIX
i386 installboot had a sign extension bug which prevented proper bootblock initialization when the root filesystem was placed beyond 4GB. ! A source code patch exists which remedies this problem.
Unfortunately, updated 2.4 install floppies are not available. Just ensure that your root filesystem is below 4GB, for now. *************** *** 256,269 **** The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 machines. This is because those machines lie, saying they support 64-bit DMA bursting. No sun4m machines support that. ! A source code patch exists which remedies this problem.

DRIVER FIX
The sparc le(4) driver does media changes incorrectly on one type of sbus le(4) card. ! A source code patch exists which remedies this problem.

--- 256,269 ---- The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 machines. This is because those machines lie, saying they support 64-bit DMA bursting. No sun4m machines support that. ! A source code patch exists which remedies this problem.

DRIVER FIX
The sparc le(4) driver does media changes incorrectly on one type of sbus le(4) card. ! A source code patch exists which remedies this problem.

*************** *** 354,360 ****

www@openbsd.org !
$OpenBSD: errata24.html,v 1.46 2010/03/08 21:53:37 deraadt Exp $ --- 354,360 ----

www@openbsd.org !
$OpenBSD: errata24.html,v 1.47 2010/07/08 19:00:07 sthen Exp $