===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata25.html,v
retrieving revision 1.70
retrieving revision 1.71
diff -c -r1.70 -r1.71
*** www/errata25.html 2016/08/15 02:22:06 1.70
--- www/errata25.html 2016/10/16 19:11:29 1.71
***************
*** 70,76 ****
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
--- 70,76 ----
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
***************
*** 91,97 ****
All architectures
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
run sendmail as the user, not as root.
!
A source code patch exists which remedies this problem.
--- 91,97 ----
All architectures
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
run sendmail as the user, not as root.
!
A source code patch exists which remedies this problem.
***************
*** 100,113 ****
The procfs and fdescfs filesystems had an overrun in their handling
of uio_offset in their readdir() routines. (These filesystems are not
enabled by default).
!
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 9, 1999
All architectures
Stop profiling (see profil(2)) when we execve() a new process.
!
A source code patch exists which remedies this problem.
--- 100,113 ----
The procfs and fdescfs filesystems had an overrun in their handling
of uio_offset in their readdir() routines. (These filesystems are not
enabled by default).
!
A source code patch exists which remedies this problem.
SECURITY FIX: Aug 9, 1999
All architectures
Stop profiling (see profil(2)) when we execve() a new process.
!
A source code patch exists which remedies this problem.
***************
*** 115,121 ****
All architectures
Packets that should have been handled by IPsec may be transmitted
as cleartext. PF_KEY SA expirations may leak kernel resources.
!
A source code patch exists which remedies this problem.
--- 115,121 ----
All architectures
Packets that should have been handled by IPsec may be transmitted
as cleartext. PF_KEY SA expirations may leak kernel resources.
!
A source code patch exists which remedies this problem.
***************
*** 123,129 ****
All architectures
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
to use -execdir.
!
A source code patch exists which remedies this problem.
--- 123,129 ----
All architectures
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
to use -execdir.
!
A source code patch exists which remedies this problem.
***************
*** 131,137 ****
All architectures
Do not permit regular users to chflags(2) or fchflags(2) on character or
block devices which they may currently be the owner of.
!
A source code patch exists which remedies this problem.
--- 131,137 ----
All architectures
Do not permit regular users to chflags(2) or fchflags(2) on character or
block devices which they may currently be the owner of.
!
A source code patch exists which remedies this problem.
***************
*** 141,147 ****
to avoid various groff features which may be security issues. On the
whole, this is not really a security issue, but it was discussed on
BUGTRAQ as if it is.
!
A source code patch exists which remedies this problem.
--- 141,147 ----
to avoid various groff features which may be security issues. On the
whole, this is not really a security issue, but it was discussed on
BUGTRAQ as if it is.
!
A source code patch exists which remedies this problem.
***************
*** 149,155 ****
All architectures
Programs using fts(3) could dump core when given a directory structure
with a very large number of entries.
!
A source code patch exists which remedies this problem.
--- 149,155 ----
All architectures
Programs using fts(3) could dump core when given a directory structure
with a very large number of entries.
!
A source code patch exists which remedies this problem.
***************
*** 157,163 ****
All architectures
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
failure to retransmit correctly.
!
A source code patch exists which remedies this problem.
--- 157,163 ----
All architectures
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
failure to retransmit correctly.
!
A source code patch exists which remedies this problem.
***************
*** 165,171 ****
All architectures
Retransmitted TCP packets could get corrupted when flowing over an
IPSEC ESP tunnel.
!
A source code patch exists which remedies this problem.
--- 165,171 ----
All architectures
Retransmitted TCP packets could get corrupted when flowing over an
IPSEC ESP tunnel.
!
A source code patch exists which remedies this problem.
***************
*** 173,179 ****
All architectures
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
!
A source code patch exists which remedies this problem.
--- 173,179 ----
All architectures
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
!
A source code patch exists which remedies this problem.
***************
*** 183,189 ****
system running an IPsec key management daemon like photurisd or isakmpd
will cause the networking subsystem to stop working after a finite amount
of time.
!
A source code patch exists which remedies this problem.
--- 183,189 ----
system running an IPsec key management daemon like photurisd or isakmpd
will cause the networking subsystem to stop working after a finite amount
of time.
!
A source code patch exists which remedies this problem.
***************
*** 191,204 ****
This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
release (released at 1 Dec 1999) has this problem solved. This patch is
just a workaround.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist,
the kernel crashed.
!
A source code patch exists which remedies this problem.
--- 191,204 ----
This patch corrects various OpenBSD/i386 2.5 problems with Y2K. The 2.6
release (released at 1 Dec 1999) has this problem solved. This patch is
just a workaround.
!
A source code patch exists which remedies this problem.
RELIABILITY FIX
If a user opened the brooktree device on a system where it did not exist,
the kernel crashed.
!
A source code patch exists which remedies this problem.
***************
*** 206,219 ****
The mac68k install utils were mistakenly left off the CD and out of
the FTP install directories. These tools have now been added to the
FTP install directories. See
!
! http://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils
RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system
unreliability.
!
A source code patch exists which remedies this problem.
--- 206,219 ----
The mac68k install utils were mistakenly left off the CD and out of
the FTP install directories. These tools have now been added to the
FTP install directories. See
!
! https://ftp.openbsd.org/pub/OpenBSD/2.5/mac68k/utils
RELIABILITY FIX
Two problems in the powerpc kernel trap handling cause severe system
unreliability.
!
A source code patch exists which remedies this problem.