=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v retrieving revision 1.57 retrieving revision 1.58 diff -c -r1.57 -r1.58 *** www/errata26.html 2014/03/31 03:36:54 1.57 --- www/errata26.html 2014/03/31 04:11:40 1.58 *************** *** 142,153 **** --- 142,198 ---- A source code patch exists which remedies this problem.

+ 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
+ Fortran doesn't work right. The file /usr/include/g2c.h is missing in the + release.
+ + A source code patch exists which remedies this problem. + The patch fixes the source tree and describes how to properly add + + the include file to your system. +

+ 016: SECURITY FIX: Dec 2, 1999 All architectures
+ A buffer overflow in the RSAREF code included in the + USA version of the libssl package (called sslUSA, is + possibly exploitable in isakmpd if SSL/RSA features + are enabled or used.
+ OpenSSH and httpd (with -DSSL) are not + vulnerable.
+ NOTE: International users using the ssl26 package are not affected. +

+ To check what package you are using, use +

+ # pkg_info sslUSA26
+

+ The patched library says:
+ "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" +

+ Non-commercial USA users who installed the ssl package before December 3 + should upgrade their sslUSA26 package using:
+

+ # pkg_delete sslUSA26
+ # pkg_add -v sslUSA26.tar.gz
+

+ Using the new sslUSA26.tar.gz files which have been placed + on the FTP mirrors.
+ For more information, see the advisory.
+ NOTE: this problem turned out to not be unexploitable in OpenSSH. +

015: Y2K FIX: Jan 9, 2000 All architectures
The at(1) command was unable to parse some kinds of dates.
A source code patch exists which remedies this problem.

+ 014: Y2K FIX: Jan 3, 2000
+ A minor problem; the sparc eeprom(8) command is not Y2K compliant.
+ + A source code patch exists which remedies this problem. + This is the second revision of the patch. +

013: Y2K FIX: Jan 3, 2000 All architectures
A minor problem in the logging support for the adduser(8) command.
*************** *** 181,223 ****
Revision 1 of this jumbo source code patch exists.

! 016: SECURITY FIX: Dec 2, 1999 All architectures
! A buffer overflow in the RSAREF code included in the ! USA version of the libssl package (called sslUSA, is ! possibly exploitable in isakmpd if SSL/RSA features ! are enabled or used.
! OpenSSH and httpd (with -DSSL) are not ! vulnerable.
! NOTE: International users using the ssl26 package are not affected.

! To check what package you are using, use !

! # pkg_info sslUSA26
!

! The patched library says:
! "ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" !

! Non-commercial USA users who installed the ssl package before December 3 ! should upgrade their sslUSA26 package using:
!

! # pkg_delete sslUSA26
! # pkg_add -v sslUSA26.tar.gz
!

! Using the new sslUSA26.tar.gz files which have been placed ! on the FTP mirrors.
! For more information, see the advisory.
! NOTE: this problem turned out to not be unexploitable in OpenSSH. !

! 017: FUNCTIONALITY ADDITION: Nov 14, 1999 All architectures
! Fortran doesn't work right. The file /usr/include/g2c.h is missing in the ! release.
! A source code patch exists which remedies this problem. - The patch fixes the source tree and describes how to properly add - - the include file to your system.

005: FUNCTIONALITY ADDITION: Nov 11, 1999 All architectures
--- 226,242 ----
Revision 1 of this jumbo source code patch exists.

! 007: RELIABILITY FIX: Nov 12, 1999 m68k architectures
! All m68k kernels can possibly be crashed by a user.
! ! A source code patch exists which remedies this problem.

! 006: RELIABILITY FIX: Nov 13, 1999 alpha only
! The alpha kernel can possibly be crashed by a user.
! A source code patch exists which remedies this problem.

005: FUNCTIONALITY ADDITION: Nov 11, 1999 All architectures
*************** *** 228,233 **** --- 247,258 ---- Revision 4 of this jumbo source code patch exists.
NOTE: /etc/sshd_config and /etc/ssh_config may need changes.

+ 004: RELIABILITY FIX: Nov 12, 1999 sparc only
+ The sparc kernel can be crashed by a user.
+ + A source code patch exists which remedies this problem. +

003: FUNCTIONALITY FIX: Nov 10, 1999 All architectures
m4 is quite broken in the 2.6 release.
*************** *** 245,324 **** 001: RELIABILITY FIX: Nov 8, 1999 All architectures
A race condition in newsyslog(8) can cause errors in log file rotation.
- A source code patch exists which remedies this problem. -

- -

mac68k

- - 007: RELIABILITY FIX: Nov 12, 1999
- All m68k kernels can possibly be crashed by a user.
- - A source code patch exists which remedies this problem. -
-

- -

sparc

- 014: Y2K FIX: Jan 3, 2000
- A minor problem; the sparc eeprom(8) command is not Y2K compliant.
- - A source code patch exists which remedies this problem. - This is the second revision of the patch. -
-
- 004: RELIABILITY FIX: Nov 12, 1999
- The sparc kernel can be crashed by a user.
- - A source code patch exists which remedies this problem. -
-

- -

amiga

- 007: RELIABILITY FIX: Nov 12, 1999
- All m68k kernels can possibly be crashed by a user.
- - A source code patch exists which remedies this problem. -
-

- -

alpha

- 006: RELIABILITY FIX: Nov 13, 1999
- The alpha kernel can possibly be crashed by a user.
- - A source code patch exists which remedies this problem. -
-

- -

hp300

- 007: RELIABILITY FIX: Nov 12, 1999
- All m68k kernels can possibly be crashed by a user.
- - A source code patch exists which remedies this problem. -
-

- -

mvme68k

- 007: RELIABILITY FIX: Nov 12, 1999
- All m68k kernels can possibly be crashed by a user.
- A source code patch exists which remedies this problem.

--- 270,275 ----