=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v retrieving revision 1.39 retrieving revision 1.40 diff -c -r1.39 -r1.40 *** www/errata33.html 2010/03/08 21:53:37 1.39 --- www/errata33.html 2010/07/08 19:00:07 1.40 *************** *** 54,60 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 54,60 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 79,85 **** the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.

--- 79,85 ---- the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.

*************** *** 90,96 **** A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
! A source code patch exists which remedies this problem.

--- 90,96 ---- A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
! A source code patch exists which remedies this problem.

*************** *** 102,108 **** cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
! A source code patch exists which remedies this problem.

--- 102,108 ---- cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
! A source code patch exists which remedies this problem.

*************** *** 113,119 **** access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
! A source code patch exists which remedies the problem.

--- 113,119 ---- access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
! A source code patch exists which remedies the problem.

*************** *** 124,130 **** send out-of-order TCP segments and trick the system into using all available memory buffers.
! A source code patch exists which remedies the problem.

--- 124,130 ---- send out-of-order TCP segments and trick the system into using all available memory buffers.
! A source code patch exists which remedies the problem.

*************** *** 134,140 **** font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
! A source code patch exists which remedies the problem.

--- 134,140 ---- font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
! A source code patch exists which remedies the problem.

*************** *** 143,149 **** to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
! A source code patch exists which remedies the problem.

--- 143,149 ---- to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
! A source code patch exists which remedies the problem.

*************** *** 153,159 **** system call that could be used by an attacker to write to kernel memory under certain circumstances.
! A source code patch exists which remedies the problem.

--- 153,159 ---- system call that could be used by an attacker to write to kernel memory under certain circumstances.
! A source code patch exists which remedies the problem.

*************** *** 162,168 **** isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
! A source code patch exists which remedies these problems.

--- 162,168 ---- isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
! A source code patch exists which remedies these problems.

*************** *** 173,193 **** semop(2) functions certain arguments.
! A source code patch exists which remedies the problem.

012: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
! A source code patch exists which remedies the problem.

010: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
! A source code patch exists which remedies the problem.

--- 173,193 ---- semop(2) functions certain arguments.
! A source code patch exists which remedies the problem.

012: RELIABILITY FIX: November 20, 2003
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
! A source code patch exists which remedies the problem.

*************** *** 198,211 **** or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
! A source code patch exists which remedies the problem.

008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch exists which remedies the problem.

--- 198,211 ---- or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
! A source code patch exists which remedies the problem.

008: RELIABILITY FIX: October 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch exists which remedies the problem.

*************** *** 214,220 **** attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch exists which remedies the problem.

--- 214,220 ---- attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch exists which remedies the problem.

*************** *** 222,228 **** Three cases of potential access to freed memory have been found in pf(4). At least one of them could be used to panic pf with active scrub rules remotely.
! A source code patch exists which remedies the problem.

--- 222,228 ---- Three cases of potential access to freed memory have been found in pf(4). At least one of them could be used to panic pf with active scrub rules remotely.
! A source code patch exists which remedies the problem.

*************** *** 230,236 **** A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional problem. --- 230,236 ---- A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional problem. *************** *** 239,245 **** 004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional problem. --- 239,245 ---- 004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
! A source code patch exists which remedies the problem.
NOTE: this is the second revision of the patch that fixes an additional problem. *************** *** 248,254 **** 003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.
! A source code patch exists which remedies the problem.

--- 248,254 ---- 003: SECURITY FIX: September 10, 2003
Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.
! A source code patch exists which remedies the problem.

*************** *** 256,262 **** An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic.
! A source code patch exists which remedies the problem.

--- 256,262 ---- An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic.
! A source code patch exists which remedies the problem.

*************** *** 266,272 **** Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.
! A source code patch exists which remedies the problem.

--- 266,272 ---- Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.
! A source code patch exists which remedies the problem.

*************** *** 279,285 **** It is possible for a local user to execute arbitrary code resulting in escalation of privileges due to a stack overrun in compat_ibcs2(8).
! A source code patch exists which remedies the problem.

--- 279,285 ---- It is possible for a local user to execute arbitrary code resulting in escalation of privileges due to a stack overrun in compat_ibcs2(8).
! A source code patch exists which remedies the problem.

*************** *** 377,383 ****

www@openbsd.org !
$OpenBSD: errata33.html,v 1.39 2010/03/08 21:53:37 deraadt Exp $ --- 377,383 ----

www@openbsd.org !
$OpenBSD: errata33.html,v 1.40 2010/07/08 19:00:07 sthen Exp $