===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v
retrieving revision 1.39
retrieving revision 1.40
diff -c -r1.39 -r1.40
*** www/errata33.html 2010/03/08 21:53:37 1.39
--- www/errata33.html 2010/07/08 19:00:07 1.40
***************
*** 54,60 ****
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
--- 54,60 ----
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
***************
*** 79,85 ****
the client and allowing clients to check out files outside the CVS
repository.
!
A source code patch exists which remedies this problem.
--- 79,85 ----
the client and allowing clients to check out files outside the CVS
repository.
!
A source code patch exists which remedies this problem.
***************
*** 90,96 ****
A remote attacker can use the bug to cause an OpenSSL application to crash;
this may lead to a denial of service.
!
A source code patch exists which remedies this problem.
--- 90,96 ----
A remote attacker can use the bug to cause an OpenSSL application to crash;
this may lead to a denial of service.
!
A source code patch exists which remedies this problem.
***************
*** 102,108 ****
cause isakmpd to crash or to loop endlessly. This patch fixes these problems
and removes some memory leaks.
!
A source code patch exists which remedies this problem.
--- 102,108 ----
cause isakmpd to crash or to loop endlessly. This patch fixes these problems
and removes some memory leaks.
!
A source code patch exists which remedies this problem.
***************
*** 113,119 ****
access module, using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects sparc64.
!
A source code patch exists which remedies the problem.
--- 113,119 ----
access module, using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects sparc64.
!
A source code patch exists which remedies the problem.
***************
*** 124,130 ****
send out-of-order TCP segments and trick the system into using all
available memory buffers.
!
A source code patch exists which remedies the problem.
--- 124,130 ----
send out-of-order TCP segments and trick the system into using all
available memory buffers.
!
A source code patch exists which remedies the problem.
***************
*** 134,140 ****
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
!
A source code patch exists which remedies the problem.
--- 134,140 ----
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
!
A source code patch exists which remedies the problem.
***************
*** 143,149 ****
to cause a denial of service attack against hosts with reachable IPv6
TCP ports.
!
A source code patch exists which remedies the problem.
--- 143,149 ----
to cause a denial of service attack against hosts with reachable IPv6
TCP ports.
!
A source code patch exists which remedies the problem.
***************
*** 153,159 ****
system call that could be used by an attacker to write to kernel memory
under certain circumstances.
!
A source code patch exists which remedies the problem.
--- 153,159 ----
system call that could be used by an attacker to write to kernel memory
under certain circumstances.
!
A source code patch exists which remedies the problem.
***************
*** 162,168 ****
isakmpd(8)
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
!
A source code patch exists which remedies these problems.
--- 162,168 ----
isakmpd(8)
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
!
A source code patch exists which remedies these problems.
***************
*** 173,193 ****
semop(2) functions
certain arguments.
!
A source code patch exists which remedies the problem.
012: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
!
A source code patch exists which remedies the problem.
010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
!
A source code patch exists which remedies the problem.
--- 173,193 ----
semop(2) functions
certain arguments.
!
A source code patch exists which remedies the problem.
012: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
!
A source code patch exists which remedies the problem.
010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
!
A source code patch exists which remedies the problem.
***************
*** 198,211 ****
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
!
A source code patch exists which remedies the problem.
008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
!
A source code patch exists which remedies the problem.
--- 198,211 ----
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
!
A source code patch exists which remedies the problem.
008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
!
A source code patch exists which remedies the problem.
***************
*** 214,220 ****
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
!
A source code patch exists which remedies the problem.
--- 214,220 ----
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
!
A source code patch exists which remedies the problem.
***************
*** 222,228 ****
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
!
A source code patch exists which remedies the problem.
--- 222,228 ----
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
!
A source code patch exists which remedies the problem.
***************
*** 230,236 ****
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
!
A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
--- 230,236 ----
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
!
A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
***************
*** 239,245 ****
004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
It is unclear whether or not this bug is exploitable.
! A
source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
--- 239,245 ----
004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
It is unclear whether or not this bug is exploitable.
! A
source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
***************
*** 248,254 ****
003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
!
A source code patch exists which remedies the problem.
--- 248,254 ----
003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
!
A source code patch exists which remedies the problem.
***************
*** 256,262 ****
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
!
A source code patch exists which remedies the problem.
--- 256,262 ----
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
!
A source code patch exists which remedies the problem.
***************
*** 266,272 ****
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
!
A source code patch exists which remedies the problem.
--- 266,272 ----
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
!
A source code patch exists which remedies the problem.
***************
*** 279,285 ****
It is possible for a local user to execute arbitrary code resulting in escalation of
privileges due to a stack overrun in
compat_ibcs2(8).
!
A source code patch exists which remedies the problem.
--- 279,285 ----
It is possible for a local user to execute arbitrary code resulting in escalation of
privileges due to a stack overrun in
compat_ibcs2(8).
!
A source code patch exists which remedies the problem.
***************
*** 377,383 ****
www@openbsd.org
!
$OpenBSD: errata33.html,v 1.39 2010/03/08 21:53:37 deraadt Exp $