===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- www/errata33.html 2016/08/15 02:22:06 1.71
+++ www/errata33.html 2016/10/16 19:11:29 1.72
@@ -70,7 +70,7 @@
-
+
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
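Review bot: the single changed line at the top of this hunk sits directly above the sentence offering a tar.gz of all patches that is "updated once a day", and its before and after content cannot be read from the diff as shown. If the change alters where that file is fetched from, confirm that the daily update still applies at the new location; otherwise that sentence should be revised in the same commit.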
@@ -96,7 +96,7 @@
the client and allowing clients to check out files outside the CVS
repository.
-
+
A source code patch exists which remedies this problem.
@@ -107,7 +107,7 @@
A remote attacker can use the bug to cause an OpenSSL application to crash;
this may lead to a denial of service.
-
+
A source code patch exists which remedies this problem.
@@ -119,7 +119,7 @@
cause isakmpd to crash or to loop endlessly. This patch fixes these problems
and removes some memory leaks.
-
+
A source code patch exists which remedies this problem.
@@ -130,7 +130,7 @@
access module, using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects sparc64.
-
+
A source code patch exists which remedies this problem.
@@ -141,7 +141,7 @@
send out-of-order TCP segments and trick the system into using all
available memory buffers.
-
+
A source code patch exists which remedies this problem.
@@ -151,7 +151,7 @@
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
-
+
A source code patch exists which remedies this problem.
@@ -161,7 +161,7 @@
to cause a denial of service attack against hosts with reachable IPv6
TCP ports.
-
+
A source code patch exists which remedies this problem.
@@ -172,7 +172,7 @@
system call that could be used by an attacker to write to kernel memory
under certain circumstances.
-
+
A source code patch exists which remedies this problem.
@@ -182,7 +182,7 @@
isakmpd(8)
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
-
+
A source code patch exists which remedies this problem.
@@ -194,7 +194,7 @@
semop(2) functions
certain arguments.
-
+
A source code patch exists which remedies this problem.
@@ -202,7 +202,7 @@
All architectures
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
-
+
A source code patch exists which remedies this problem.
@@ -212,7 +212,7 @@
It is possible for a local user to execute arbitrary code resulting in escalation of
privileges due to a stack overrun in
compat_ibcs2(8).
-
+
A source code patch exists which remedies this problem.
@@ -220,7 +220,7 @@
All architectures
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
-
+
A source code patch exists which remedies this problem.
@@ -232,7 +232,7 @@
or potentially run arbitrary code as the user www (although it
is believed that ProPolice will prevent code execution).
-
+
A source code patch exists which remedies this problem.
@@ -240,7 +240,7 @@
All architectures
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
-
+
A source code patch exists which remedies this problem.
@@ -250,7 +250,7 @@
attacker to mount a denial of service attack against applications linked with
ssl(3).
This does not affect OpenSSH.
-
+
A source code patch exists which remedies this problem.
@@ -259,7 +259,7 @@
Three cases of potential access to freed memory have been found in
pf(4).
At least one of them could be used to panic pf with active scrub rules remotely.
-
+
A source code patch exists which remedies this problem.
@@ -268,7 +268,7 @@
A buffer overflow in the address parsing in
sendmail(8)
may allow an attacker to gain root privileges.
-
+
A source code patch exists which remedies this problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
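Review bot: the changed line in this hunk sits directly above "A source code patch exists which remedies this problem", and the NOTE after it says the patch is a second revision that fixes an additional problem, so check that whatever reference the rewritten line carries still leads to that second revision and not the first. The entry covers a sendmail(8) address-parsing overflow that may allow root, so a reader who ends up with the superseded patch would still have the additional problem the NOTE mentions.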
@@ -278,7 +278,7 @@
All architectures
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
It is unclear whether or not this bug is exploitable.
-
+
A source code patch exists which remedies this problem.
NOTE: this is the second revision of the patch that fixes an additional
problem.
@@ -288,7 +288,7 @@
All architectures
Root may be able to reduce the security level by taking advantage of
an integer overflow when the semaphore limits are made very large.
-
+
A source code patch exists which remedies this problem.
@@ -297,7 +297,7 @@
An improper bounds check in the
semget(2)
system call can allow a local user to cause a kernel panic.
-
+
A source code patch exists which remedies this problem.
@@ -308,7 +308,7 @@
Since this same bug resulted in a root compromise in the wu-ftpd ftp server
it is possible that this bug may allow an attacker to gain escalated privileges
on OpenBSD.
-
+
A source code patch exists which remedies this problem.