===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata31.html,v
retrieving revision 1.64
retrieving revision 1.65
diff -c -r1.64 -r1.65
*** www/errata31.html 2014/10/02 14:34:45 1.64
--- www/errata31.html 2015/02/14 04:36:51 1.65
***************
*** 82,88 ****
! -
027: SECURITY FIX: March 31, 2003
All architectures
A buffer overflow in the address parsing in
--- 82,88 ----
! -
027: SECURITY FIX: March 31, 2003
All architectures
A buffer overflow in the address parsing in
***************
*** 91,97 ****
A source code patch exists which remedies this problem.
!
-
026: SECURITY FIX: March 24, 2003
All architectures
The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
--- 91,97 ----
A source code patch exists which remedies this problem.
!
-
026: SECURITY FIX: March 24, 2003
All architectures
The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
***************
*** 100,106 ****
A source code patch exists which remedies this problem.
!
-
025: SECURITY FIX: March 19, 2003
All architectures
OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
--- 100,106 ----
A source code patch exists which remedies this problem.
!
-
025: SECURITY FIX: March 19, 2003
All architectures
OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
***************
*** 109,115 ****
A source code patch exists which remedies this problem.
!
-
024: SECURITY FIX: March 18, 2003
All architectures
Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
--- 109,115 ----
A source code patch exists which remedies this problem.
!
-
024: SECURITY FIX: March 18, 2003
All architectures
Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
***************
*** 117,123 ****
A source code patch exists which remedies this problem.
!
-
023: SECURITY FIX: March 5, 2003
All architectures
A fix for an
--- 117,123 ----
A source code patch exists which remedies this problem.
!
-
023: SECURITY FIX: March 5, 2003
All architectures
A fix for an
***************
*** 127,133 ****
A source code patch exists which remedies this problem.
!
-
022: SECURITY FIX: March 3, 2003
All architectures
A buffer overflow in the envelope comments processing in
--- 127,133 ----
A source code patch exists which remedies this problem.
!
-
022: SECURITY FIX: March 3, 2003
All architectures
A buffer overflow in the envelope comments processing in
***************
*** 136,142 ****
A source code patch exists which remedies this problem.
!
-
021: SECURITY FIX: February 23, 2003
All architectures
In
--- 136,142 ----
A source code patch exists which remedies this problem.
!
-
021: SECURITY FIX: February 23, 2003
All architectures
In
***************
*** 146,152 ****
A source code patch exists which fixes these two issues.
!
-
020: SECURITY FIX: January 20, 2003
All architectures
A double free in
--- 146,152 ----
A source code patch exists which fixes these two issues.
!
-
020: SECURITY FIX: January 20, 2003
All architectures
A double free in
***************
*** 159,165 ****
A source code patch exists which remedies this problem.
!
-
019: SECURITY FIX: November 14, 2002
All architectures
A buffer overflow in
--- 159,165 ----
A source code patch exists which remedies this problem.
!
-
019: SECURITY FIX: November 14, 2002
All architectures
A buffer overflow in
***************
*** 170,176 ****
A source code patch exists which remedies this problem.
!
-
018: SECURITY FIX: November 6, 2002
All architectures
Incorrect argument checking in the
--- 170,176 ----
A source code patch exists which remedies this problem.
!
-
018: SECURITY FIX: November 6, 2002
All architectures
Incorrect argument checking in the
***************
*** 179,185 ****
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: November 6, 2002
All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
--- 179,185 ----
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: November 6, 2002
All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
***************
*** 188,194 ****
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: October 21, 2002
All architectures
A buffer overflow can occur in the
--- 188,194 ----
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: October 21, 2002
All architectures
A buffer overflow can occur in the
***************
*** 197,203 ****
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: October 2, 2002
All architectures
Incorrect argument checking in the
--- 197,203 ----
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: October 2, 2002
All architectures
Incorrect argument checking in the
***************
*** 205,211 ****
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: August 11, 2002
All architectures
An insufficient boundary check in the
--- 205,211 ----
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: August 11, 2002
All architectures
An insufficient boundary check in the
***************
*** 215,221 ****
A source code patch exists which remedies this problem.
!
-
013: SECURITY FIX: July 30, 2002
All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
--- 215,221 ----
A source code patch exists which remedies this problem.
!
-
013: SECURITY FIX: July 30, 2002
All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
***************
*** 228,234 ****
This is the second version of the patch.
!
-
012: SECURITY FIX: July 29, 2002
All architectures
A buffer overflow can occur in the
--- 228,234 ----
This is the second version of the patch.
!
-
012: SECURITY FIX: July 29, 2002
All architectures
A buffer overflow can occur in the
***************
*** 239,245 ****
This is the second version of the patch.
!
-
011: SECURITY FIX: July 29, 2002
All architectures
A race condition exists in the
--- 239,245 ----
This is the second version of the patch.
!
-
011: SECURITY FIX: July 29, 2002
All architectures
A race condition exists in the
***************
*** 248,254 ****
A source code patch exists which remedies this problem.
!
-
010: RELIABILITY FIX: July 5, 2002
All architectures
Receiving IKE payloads out of sequence can cause
--- 248,254 ----
A source code patch exists which remedies this problem.
!
-
010: RELIABILITY FIX: July 5, 2002
All architectures
Receiving IKE payloads out of sequence can cause
***************
*** 258,271 ****
This is the second version of the patch.
!
-
009: SECURITY FIX: June 27, 2002
All architectures
The kernel would let any user ktrace(2) set[ug]id processes.
A source code patch exists which remedies this problem.
!
-
008: SECURITY FIX: June 26, 2002
All architectures
A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
--- 258,271 ----
This is the second version of the patch.
!
-
009: SECURITY FIX: June 27, 2002
All architectures
The kernel would let any user ktrace(2) set[ug]id processes.
A source code patch exists which remedies this problem.
!
-
008: SECURITY FIX: June 26, 2002
All architectures
A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
***************
*** 273,286 ****
A source code patch exists which remedies this problem.
!
-
007: SECURITY FIX: June 25, 2002
All architectures
A potential buffer overflow in the DNS resolver has been found.
A source code patch exists which remedies this problem.
!
-
006: SECURITY FIX: June 24, 2002
All architectures
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
--- 273,286 ----
A source code patch exists which remedies this problem.
!
-
007: SECURITY FIX: June 25, 2002
All architectures
A potential buffer overflow in the DNS resolver has been found.
A source code patch exists which remedies this problem.
!
-
006: SECURITY FIX: June 24, 2002
All architectures
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
***************
*** 289,295 ****
3.4, and a patch for the vulnerable releases is available as part of the
security advisory.
!
-
005: SECURITY FIX: June 19, 2002
All architectures
A buffer overflow can occur during the interpretation of chunked
--- 289,295 ----
3.4, and a patch for the vulnerable releases is available as part of the
security advisory.
!
-
005: SECURITY FIX: June 19, 2002
All architectures
A buffer overflow can occur during the interpretation of chunked
***************
*** 297,303 ****
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: May 22, 2002
All architectures
Under certain conditions, on systems using YP with netgroups in the
--- 297,303 ----
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: May 22, 2002
All architectures
Under certain conditions, on systems using YP with netgroups in the
***************
*** 310,316 ****
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: May 8, 2002
All architectures
A race condition exists where an attacker could fill the file descriptor
--- 310,316 ----
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: May 8, 2002
All architectures
A race condition exists where an attacker could fill the file descriptor
***************
*** 319,332 ****
A source code patch exists which remedies this problem.
!
-
002: SECURITY FIX: April 25, 2002
All architectures
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
A source code patch exists which remedies this problem.
!
-
001: SECURITY FIX: April 22, 2002
All architectures
A local user can gain super-user privileges due to a buffer overflow
--- 319,332 ----
A source code patch exists which remedies this problem.
!
-
002: SECURITY FIX: April 25, 2002
All architectures
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
A source code patch exists which remedies this problem.
!
-
001: SECURITY FIX: April 22, 2002
All architectures
A local user can gain super-user privileges due to a buffer overflow