=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata25.html,v retrieving revision 1.41 retrieving revision 1.42 diff -c -r1.41 -r1.42 *** www/errata25.html 2010/03/08 21:53:37 1.41 --- www/errata25.html 2010/07/08 19:00:07 1.42 *************** *** 53,59 ****
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 53,59 ----
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 69,75 **** SECURITY FIX: Aug 30, 1999
In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

  • --- 69,75 ---- SECURITY FIX: Aug 30, 1999
    In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

  • *************** *** 77,89 **** The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

  • SECURITY FIX: Aug 9, 1999
    Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

  • --- 77,89 ---- The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

  • SECURITY FIX: Aug 9, 1999
    Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

  • *************** *** 91,111 **** Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. A source code patch exists which remedies this problem.

  • SECURITY FIX: Aug 5, 1999
    In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

  • SECURITY FIX: Jul 30, 1999
    Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

  • --- 91,111 ---- Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. A source code patch exists which remedies this problem.

  • SECURITY FIX: Aug 5, 1999
    In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

  • SECURITY FIX: Jul 30, 1999
    Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

  • *************** *** 114,148 **** to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX: May 19, 1999
    Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX: May 19, 1999
    Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

  • --- 114,148 ---- to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX: May 19, 1999
    Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX: May 19, 1999
    Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

  • *************** *** 151,157 **** system running an IPsec key management daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

    --- 151,157 ---- system running an IPsec key management daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

    *************** *** 163,176 **** This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6 release (released at 1 Dec 1999) has this problem solved. This patch is just a workaround. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    If a user opened the brooktree device on a system where it did not exist, the kernel crashed. ! A source code patch exists which remedies this problem.

    --- 163,176 ---- This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6 release (released at 1 Dec 1999) has this problem solved. This patch is just a workaround. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    If a user opened the brooktree device on a system where it did not exist, the kernel crashed. ! A source code patch exists which remedies this problem.

    *************** *** 182,189 **** The mac68k install utils were mistakenly left off the CD and out of the FTP install directories. These tools have now been added to the FTP install directories. See ! ! ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils

    --- 182,189 ---- The mac68k install utils were mistakenly left off the CD and out of the FTP install directories. These tools have now been added to the FTP install directories. See ! ! http://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils

    *************** *** 236,242 **** RELIABILITY FIX
    Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies these problems.

    --- 236,242 ---- RELIABILITY FIX
    Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies these problems.

    *************** *** 279,285 ****

    OpenBSD www@openbsd.org !
    $OpenBSD: errata25.html,v 1.41 2010/03/08 21:53:37 deraadt Exp $ --- 279,285 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: errata25.html,v 1.42 2010/07/08 19:00:07 sthen Exp $