=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v retrieving revision 1.71 retrieving revision 1.72 diff -c -r1.71 -r1.72 *** www/errata33.html 2016/08/15 02:22:06 1.71 --- www/errata33.html 2016/10/16 19:11:29 1.72 *************** *** 70,76 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 70,76 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

*************** *** 96,102 **** the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.

--- 96,102 ---- the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.

*************** *** 107,113 **** A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
! A source code patch exists which remedies this problem.

--- 107,113 ---- A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
! A source code patch exists which remedies this problem.

*************** *** 119,125 **** cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
! A source code patch exists which remedies this problem.

--- 119,125 ---- cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
! A source code patch exists which remedies this problem.

*************** *** 130,136 **** access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
! A source code patch exists which remedies this problem.

--- 130,136 ---- access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
! A source code patch exists which remedies this problem.

*************** *** 141,147 **** send out-of-order TCP segments and trick the system into using all available memory buffers.
! A source code patch exists which remedies this problem.

--- 141,147 ---- send out-of-order TCP segments and trick the system into using all available memory buffers.
! A source code patch exists which remedies this problem.

*************** *** 151,157 **** font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
! A source code patch exists which remedies this problem.

--- 151,157 ---- font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
! A source code patch exists which remedies this problem.

*************** *** 161,167 **** to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
! A source code patch exists which remedies this problem.

--- 161,167 ---- to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
! A source code patch exists which remedies this problem.

*************** *** 172,178 **** system call that could be used by an attacker to write to kernel memory under certain circumstances.
! A source code patch exists which remedies this problem.

--- 172,178 ---- system call that could be used by an attacker to write to kernel memory under certain circumstances.
! A source code patch exists which remedies this problem.

*************** *** 182,188 **** isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
! A source code patch exists which remedies this problem.

--- 182,188 ---- isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
! A source code patch exists which remedies this problem.

*************** *** 194,200 **** semop(2) functions certain arguments.
! A source code patch exists which remedies this problem.

--- 194,200 ---- semop(2) functions certain arguments.
! A source code patch exists which remedies this problem.

*************** *** 202,208 **** All architectures
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
! A source code patch exists which remedies this problem.

--- 202,208 ---- All architectures
It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
! A source code patch exists which remedies this problem.

*************** *** 212,218 **** It is possible for a local user to execute arbitrary code resulting in escalation of privileges due to a stack overrun in compat_ibcs2(8).
! A source code patch exists which remedies this problem.

--- 212,218 ---- It is possible for a local user to execute arbitrary code resulting in escalation of privileges due to a stack overrun in compat_ibcs2(8).
! A source code patch exists which remedies this problem.

*************** *** 220,226 **** All architectures
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
! A source code patch exists which remedies this problem.

--- 220,226 ---- All architectures
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
! A source code patch exists which remedies this problem.

*************** *** 232,238 **** or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
! A source code patch exists which remedies this problem.

--- 232,238 ---- or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
! A source code patch exists which remedies this problem.

*************** *** 240,246 **** All architectures
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch exists which remedies this problem.

--- 240,246 ---- All architectures
It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch exists which remedies this problem.

*************** *** 250,256 **** attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch exists which remedies this problem.

--- 250,256 ---- attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch exists which remedies this problem.

*************** *** 259,265 **** Three cases of potential access to freed memory have been found in pf(4). At least one of them could be used to panic pf with active scrub rules remotely.
! A source code patch exists which remedies this problem.

--- 259,265 ---- Three cases of potential access to freed memory have been found in pf(4). At least one of them could be used to panic pf with active scrub rules remotely.
! A source code patch exists which remedies this problem.

*************** *** 268,274 **** A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
! A source code patch exists which remedies this problem. NOTE: this is the second revision of the patch that fixes an additional problem. --- 268,274 ---- A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
! A source code patch exists which remedies this problem. NOTE: this is the second revision of the patch that fixes an additional problem. *************** *** 278,284 **** All architectures
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
! A source code patch exists which remedies this problem. NOTE: this is the second revision of the patch that fixes an additional problem. --- 278,284 ---- All architectures
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
! A source code patch exists which remedies this problem. NOTE: this is the second revision of the patch that fixes an additional problem. *************** *** 288,294 **** All architectures
Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.
! A source code patch exists which remedies this problem.

--- 288,294 ---- All architectures
Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.
! A source code patch exists which remedies this problem.

*************** *** 297,303 **** An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic.
! A source code patch exists which remedies this problem.

--- 297,303 ---- An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic.
! A source code patch exists which remedies this problem.

*************** *** 308,314 **** Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.
! A source code patch exists which remedies this problem.

--- 308,314 ---- Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.
! A source code patch exists which remedies this problem.