=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata25.html,v retrieving revision 1.70 retrieving revision 1.71 diff -c -r1.70 -r1.71 *** www/errata25.html 2016/08/15 02:22:06 1.70 --- www/errata25.html 2016/10/16 19:11:29 1.71 *************** *** 70,76 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 70,76 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

*************** *** 91,97 **** All architectures
In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

--- 91,97 ---- All architectures
In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

*************** *** 100,113 **** The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

SECURITY FIX: Aug 9, 1999 All architectures
Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

--- 100,113 ---- The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

SECURITY FIX: Aug 9, 1999 All architectures
Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

*************** *** 115,121 **** All architectures
Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. ! A source code patch exists which remedies this problem.

--- 115,121 ---- All architectures
Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. ! A source code patch exists which remedies this problem.

*************** *** 123,129 **** All architectures
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

--- 123,129 ---- All architectures
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

*************** *** 131,137 **** All architectures
Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

--- 131,137 ---- All architectures
Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

*************** *** 141,147 **** to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

--- 141,147 ---- to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

*************** *** 149,155 **** All architectures
Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

--- 149,155 ---- All architectures
Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

*************** *** 157,163 **** All architectures
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

--- 157,163 ---- All architectures
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

*************** *** 165,171 **** All architectures
Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

--- 165,171 ---- All architectures
Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

*************** *** 173,179 **** All architectures
A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

--- 173,179 ---- All architectures
A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

*************** *** 183,189 **** system running an IPsec key management daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

--- 183,189 ---- system running an IPsec key management daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

*************** *** 191,204 **** This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6 release (released at 1 Dec 1999) has this problem solved. This patch is just a workaround. ! A source code patch exists which remedies this problem.

RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist, the kernel crashed. ! A source code patch exists which remedies this problem.

--- 191,204 ---- This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6 release (released at 1 Dec 1999) has this problem solved. This patch is just a workaround. ! A source code patch exists which remedies this problem.

RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist, the kernel crashed. ! A source code patch exists which remedies this problem.

*************** *** 206,219 **** The mac68k install utils were mistakenly left off the CD and out of the FTP install directories. These tools have now been added to the FTP install directories. See ! ! http://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils

RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies this problem.

--- 206,219 ---- The mac68k install utils were mistakenly left off the CD and out of the FTP install directories. These tools have now been added to the FTP install directories. See ! ! https://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils

RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies this problem.