=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata31.html,v retrieving revision 1.55 retrieving revision 1.56 diff -c -r1.55 -r1.56 *** www/errata31.html 2013/10/26 15:21:13 1.55 --- www/errata31.html 2014/02/27 17:26:45 1.56 *************** *** 57,63 **** 5.1, 5.2, 5.3, ! 5.4.
--- 57,64 ---- 5.1, 5.2, 5.3, ! 5.4, ! 5.5.
*************** *** 126,132 ****

  • 021: SECURITY FIX: February 23, 2003
    ! In ssl(8) an information leak can occur via timing by performing a MAC computation even if incorrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines.
    --- 127,133 ----

  • 021: SECURITY FIX: February 23, 2003
    ! In ssl(8) an information leak can occur via timing by performing a MAC computation even if incorrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines.
    *************** *** 148,154 ****
  • 019: SECURITY FIX: November 14, 2002
    A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
    --- 149,155 ----
  • 019: SECURITY FIX: November 14, 2002
    A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
    *************** *** 157,163 ****

  • 018: SECURITY FIX: November 6, 2002
    ! Incorrect argument checking in the getrlimit(2) system call may allow an attacker to crash the kernel.
    A --- 158,164 ----

  • 018: SECURITY FIX: November 6, 2002
    ! Incorrect argument checking in the getrlimit(2) system call may allow an attacker to crash the kernel.
    A *************** *** 180,186 ****

  • 015: SECURITY FIX: October 2, 2002
    ! Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
    A source code patch exists which remedies the problem.

    --- 181,187 ----

  • 015: SECURITY FIX: October 2, 2002
    ! Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
    A source code patch exists which remedies the problem.

    *************** *** 195,204 ****

  • 013: SECURITY FIX: July 30, 2002
    ! Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ! ssl(8) ! library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
    A source code patch exists which remedies the problem.
    --- 196,205 ----

  • 013: SECURITY FIX: July 30, 2002
    ! Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ! ssl(8) ! library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
    A source code patch exists which remedies the problem.
    *************** *** 206,213 ****

  • 012: SECURITY FIX: July 29, 2002
    ! A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
    A source code patch exists which remedies the problem.
    --- 207,214 ----

  • 012: SECURITY FIX: July 29, 2002
    ! A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
    A source code patch exists which remedies the problem.
    *************** *** 215,222 ****

  • 011: SECURITY FIX: July 29, 2002
    ! A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
    A source code patch exists which remedies the problem.

    --- 216,223 ----

  • 011: SECURITY FIX: July 29, 2002
    ! A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
    A source code patch exists which remedies the problem.

    *************** *** 356,364 ****

    ! OpenBSD www@openbsd.org !
    $OpenBSD: errata31.html,v 1.55 2013/10/26 15:21:13 deraadt Exp $ --- 357,365 ----
    ! OpenBSD www@openbsd.org !
    $OpenBSD: errata31.html,v 1.56 2014/02/27 17:26:45 deraadt Exp $