===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v
retrieving revision 1.57
retrieving revision 1.58
diff -c -r1.57 -r1.58
*** www/errata26.html 2014/03/31 03:36:54 1.57
--- www/errata26.html 2014/03/31 04:11:40 1.58
***************
*** 142,153 ****
--- 142,198 ----
A source code patch exists which remedies this problem.
+
+ 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
+ Fortran doesn't work right. The file /usr/include/g2c.h is missing in the
+ release.
+
+ A source code patch exists which remedies this problem.
+ The patch fixes the source tree and describes how to properly add
+
+ the include file to your system.
+
+
+ 016: SECURITY FIX: Dec 2, 1999 All architectures
+ A buffer overflow in the RSAREF code included in the
+ USA version of the libssl package (called sslUSA, is
+ possibly exploitable in isakmpd if SSL/RSA features
+ are enabled or used.
+ OpenSSH and httpd (with -DSSL) are not
+ vulnerable.
+ NOTE: International users using the ssl26 package are not affected.
+
+ To check what package you are using, use
+
+ # pkg_info sslUSA26
+
+ The patched library says:
+ "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
+
+ Non-commercial USA users who installed the ssl package before December 3
+ should upgrade their sslUSA26 package using:
+
+ # pkg_delete sslUSA26
+ # pkg_add -v sslUSA26.tar.gz
+
+ Using the new sslUSA26.tar.gz files which have been placed
+ on the FTP mirrors.
+ For more information, see the advisory.
+ NOTE: this problem turned out to not be unexploitable in OpenSSH.
+
015: Y2K FIX: Jan 9, 2000 All architectures
The at(1) command was unable to parse some kinds of dates.
A source code patch exists which remedies this problem.
+
+ 014: Y2K FIX: Jan 3, 2000
+ A minor problem; the sparc eeprom(8) command is not Y2K compliant.
+
+ A source code patch exists which remedies this problem.
+ This is the second revision of the patch.
+
013: Y2K FIX: Jan 3, 2000 All architectures
A minor problem in the logging support for the adduser(8) command.
***************
*** 181,223 ****
Revision 1 of this jumbo source code patch exists.
!
! 016: SECURITY FIX: Dec 2, 1999 All architectures
! A buffer overflow in the RSAREF code included in the
! USA version of the libssl package (called sslUSA, is
! possibly exploitable in isakmpd if SSL/RSA features
! are enabled or used.
! OpenSSH and httpd (with -DSSL) are not
! vulnerable.
! NOTE: International users using the ssl26 package are not affected.
! To check what package you are using, use
!
! # pkg_info sslUSA26
!
! The patched library says:
! "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
!
! Non-commercial USA users who installed the ssl package before December 3
! should upgrade their sslUSA26 package using:
!
! # pkg_delete sslUSA26
! # pkg_add -v sslUSA26.tar.gz
!
! Using the new sslUSA26.tar.gz files which have been placed
! on the FTP mirrors.
! For more information, see the advisory.
! NOTE: this problem turned out to not be unexploitable in OpenSSH.
!
!
! 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
! Fortran doesn't work right. The file /usr/include/g2c.h is missing in the
! release.
!
A source code patch exists which remedies this problem.
- The patch fixes the source tree and describes how to properly add
-
- the include file to your system.
005: FUNCTIONALITY ADDITION: Nov 11, 1999 All architectures
--- 226,242 ----
Revision 1 of this jumbo source code patch exists.
!
! 007: RELIABILITY FIX: Nov 12, 1999 m68k architectures
! All m68k kernels can possibly be crashed by a user.
!
! A source code patch exists which remedies this problem.
!
! 006: RELIABILITY FIX: Nov 13, 1999 alpha only
! The alpha kernel can possibly be crashed by a user.
!
A source code patch exists which remedies this problem.
005: FUNCTIONALITY ADDITION: Nov 11, 1999 All architectures
***************
*** 228,233 ****
--- 247,258 ----
Revision 4 of this jumbo source code patch exists.
NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
+
+ 004: RELIABILITY FIX: Nov 12, 1999 sparc only
+ The sparc kernel can be crashed by a user.
+
+ A source code patch exists which remedies this problem.
+
003: FUNCTIONALITY FIX: Nov 10, 1999 All architectures
m4 is quite broken in the 2.6 release.
***************
*** 245,324 ****
001: RELIABILITY FIX: Nov 8, 1999 All architectures
A race condition in newsyslog(8) can cause errors in log file rotation.
- A source code patch exists which remedies this problem.
-
-
-
-
-
mac68k
-
-
-
-
sparc
-
-
-
-
amiga
-
-
-
-
alpha
-
-
-
-
hp300
-
-
-
-
mvme68k
-
--- 270,275 ----