===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata25.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -c -r1.41 -r1.42
*** www/errata25.html 2010/03/08 21:53:37 1.41
--- www/errata25.html 2010/07/08 19:00:07 1.42
***************
*** 53,59 ****
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
--- 53,59 ----
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
***************
*** 69,75 ****
SECURITY FIX: Aug 30, 1999
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
run sendmail as the user, not as root.
!
A source code patch exists which remedies this problem.
--- 69,75 ----
SECURITY FIX: Aug 30, 1999
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
run sendmail as the user, not as root.
!
A source code patch exists which remedies this problem.
***************
*** 77,89 ****
The procfs and fdescfs filesystems had an overrun in their handling
of uio_offset in their readdir() routines. (These filesystems are not
enabled by default).
!
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 9, 1999
Stop profiling (see profil(2)) when we execve() a new process.
!
A source code patch exists which remedies this problem.
--- 77,89 ----
The procfs and fdescfs filesystems had an overrun in their handling
of uio_offset in their readdir() routines. (These filesystems are not
enabled by default).
!
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 9, 1999
Stop profiling (see profil(2)) when we execve() a new process.
!
A source code patch exists which remedies this problem.
***************
*** 91,111 ****
Packets that should have been handled by IPsec may be transmitted
as cleartext. PF_KEY SA expirations may leak kernel resources.
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 5, 1999
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
to use -execdir.
!
A source code patch exists which remedies this problem.
SECURITY FIX: Jul 30, 1999
Do not permit regular users to chflags(2) or fchflags(2) on character or
block devices which they may currently be the owner of.
!
A source code patch exists which remedies this problem.
--- 91,111 ----
Packets that should have been handled by IPsec may be transmitted
as cleartext. PF_KEY SA expirations may leak kernel resources.
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 5, 1999
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
to use -execdir.
!
A source code patch exists which remedies this problem.
SECURITY FIX: Jul 30, 1999
Do not permit regular users to chflags(2) or fchflags(2) on character or
block devices which they may currently be the owner of.
!
A source code patch exists which remedies this problem.
***************
*** 114,148 ****
to avoid various groff features which may be security issues. On the
whole, this is not really a security issue, but it was discussed on
BUGTRAQ as if it is.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX: May 19, 1999
Programs using fts(3) could dump core when given a directory structure
with a very large number of entries.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX: May 19, 1999
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
failure to retransmit correctly.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
Retransmitted TCP packets could get corrupted when flowing over an
IPSEC ESP tunnel.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
!
A source code patch exists which remedies this problem.
--- 114,148 ----
to avoid various groff features which may be security issues. On the
whole, this is not really a security issue, but it was discussed on
BUGTRAQ as if it is.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX: May 19, 1999
Programs using fts(3) could dump core when given a directory structure
with a very large number of entries.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX: May 19, 1999
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
failure to retransmit correctly.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
Retransmitted TCP packets could get corrupted when flowing over an
IPSEC ESP tunnel.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
!
A source code patch exists which remedies this problem.
***************
*** 151,157 ****
system running an IPsec key management daemon like photurisd or isakmpd
will cause the networking subsystem to stop working after a finite amount
of time.
!
A source code patch exists which remedies this problem.
--- 151,157 ----
system running an IPsec key management daemon like photurisd or isakmpd
will cause the networking subsystem to stop working after a finite amount
of time.
!
A source code patch exists which remedies this problem.
***************
*** 163,176 ****
This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
release (released at 1 Dec 1999) has this problem solved. This patch is
just a workaround.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist,
the kernel crashed.
!
A source code patch exists which remedies this problem.
--- 163,176 ----
This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
release (released at 1 Dec 1999) has this problem solved. This patch is
just a workaround.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist,
the kernel crashed.
!
A source code patch exists which remedies this problem.
***************
*** 182,189 ****
The mac68k install utils were mistakenly left off the CD and out of
the FTP install directories. These tools have now been added to the
FTP install directories. See
!
! ftp://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils
--- 182,189 ----
The mac68k install utils were mistakenly left off the CD and out of
the FTP install directories. These tools have now been added to the
FTP install directories. See
!
! http://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils
***************
*** 236,242 ****
RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system
unreliability.
!
A source code patch exists which remedies these problems.
--- 236,242 ----
RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system
unreliability.
!
A source code patch exists which remedies these problems.
***************
*** 279,285 ****
www@openbsd.org
!
$OpenBSD: errata25.html,v 1.41 2010/03/08 21:53:37 deraadt Exp $