===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- www/errata33.html 2019/05/27 22:55:19 1.81
+++ www/errata33.html 2019/05/28 16:32:42 1.82
@@ -84,125 +84,113 @@
--
-022: SECURITY FIX: May 5, 2004
+
+
-
+001: SECURITY FIX: August 4, 2003
All architectures
-Pathname validation problems have been found in
-cvs(1),
-allowing malicious clients to create files outside the repository, allowing
-malicious servers to overwrite files outside the local CVS tree on
-the client and allowing clients to check out files outside the CVS
-repository.
-
-
+An off-by-one error exists in the C library function
+realpath(3).
+Since this same bug resulted in a root compromise in the wu-ftpd ftp server
+it is possible that this bug may allow an attacker to gain escalated privileges
+on OpenBSD.
+
A source code patch exists which remedies this problem.
-
-
-021: RELIABILITY FIX: March 17, 2004
+
+
-
+002: RELIABILITY FIX: August 20, 2003
All architectures
-A missing check for a NULL-pointer dereference has been found in
-ssl(3).
-A remote attacker can use the bug to cause an OpenSSL application to crash;
-this may lead to a denial of service.
-
-
+An improper bounds check in the
+semget(2)
+system call can allow a local user to cause a kernel panic.
+
A source code patch exists which remedies this problem.
-
-
-020: RELIABILITY FIX: March 17, 2004
+
+
-
+003: SECURITY FIX: September 10, 2003
All architectures
-Defects in the payload validation and processing functions of
-isakmpd(8)
-have been discovered. An attacker could send malformed ISAKMP messages and
-cause isakmpd to crash or to loop endlessly. This patch fixes these problems
-and removes some memory leaks.
-
-
+Root may be able to reduce the security level by taking advantage of
+an integer overflow when the semaphore limits are made very large.
+
A source code patch exists which remedies this problem.
-
-
-019: SECURITY FIX: March 13, 2004
+
+
-
+004: SECURITY FIX: September 16, 2003
All architectures
-Due to a bug in the parsing of Allow/Deny rules for
-httpd(8)'s
-access module, using IP addresses without a netmask on big endian 64-bit
-platforms causes the rules to fail to match. This only affects sparc64.
-
-
+All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
+It is unclear whether or not this bug is exploitable.
+
A source code patch exists which remedies this problem.
+NOTE: this is the second revision of the patch that fixes an additional
+problem.
-
-
-018: RELIABILITY FIX: March 8, 2004
+
+
-
+005: SECURITY FIX: September 17, 2003
All architectures
-OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
-TCP segments are queued in the system. An attacker could
-send out-of-order TCP segments and trick the system into using all
-available memory buffers.
-
-
+A buffer overflow in the address parsing in
+sendmail(8)
+may allow an attacker to gain root privileges.
+
A source code patch exists which remedies this problem.
+NOTE: this is the second revision of the patch that fixes an additional
+problem.
-
-
-017: RELIABILITY FIX: February 14, 2004
+
+
-
+006: SECURITY FIX: September 24, 2003
All architectures
-Several buffer overflows exist in the code parsing
-font.aliases files in XFree86. Thanks to ProPolice, these cannot be
-exploited to gain privileges, but they can cause the X server to abort.
-
-
+Three cases of potential access to freed memory have been found in
+pf(4).
+At least one of them could be used to panic pf with active scrub rules remotely.
+
A source code patch exists which remedies this problem.
-
-
-016: SECURITY FIX: February 8, 2004
+
+
-
+007: SECURITY FIX: October 1, 2003
All architectures
-An IPv6 MTU handling problem exists that could be used by an attacker
-to cause a denial of service attack against hosts with reachable IPv6
-TCP ports.
-
-
+The use of certain ASN.1 encodings or malformed public keys may allow an
+attacker to mount a denial of service attack against applications linked with
+ssl(3).
+This does not affect OpenSSH.
+
A source code patch exists which remedies this problem.
-
-
-015: SECURITY FIX: February 5, 2004
+
+
-
+008: RELIABILITY FIX: October 1, 2003
All architectures
-A reference counting bug exists in the
-shmat(2)
-system call that could be used by an attacker to write to kernel memory
-under certain circumstances.
-
-
+It is possible for a local user to cause a system panic by flooding it with spoofed ARP
+requests.
+
A source code patch exists which remedies this problem.
-
-
-014: SECURITY FIX: January 15, 2004
+
+
-
+009: RELIABILITY FIX: October 29, 2003
All architectures
-Several message handling flaws in
-isakmpd(8)
-have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
+A user with write permission to httpd.conf
or a .htaccess
+file can crash
+httpd(8)
+or potentially run arbitrary code as the user www
(although it
+is believed that ProPolice will prevent code execution).
-
+
A source code patch exists which remedies this problem.
-
-
-013: RELIABILITY FIX: November 20, 2003
+
+
-
+010: RELIABILITY FIX: November 4, 2003
All architectures
-An improper bounds check makes it possible for a local user to cause a crash
-by passing the
-semctl(2) and
-semop(2) functions
-certain arguments.
+It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
-
+
A source code patch exists which remedies this problem.
-
-
-012: RELIABILITY FIX: November 20, 2003
- All architectures
-It is possible for a local user to cause a crash via
-sysctl(3) with certain arguments.
-
-A source code patch exists which remedies this problem.
-
+
-
011: SECURITY FIX: November 17, 2003
i386 only
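Review bot: at the top of this hunk the first entry changes from "022: SECURITY FIX: May 5, 2004" to "001: SECURITY FIX: August 4, 2003", so the list now reads oldest-first and the most recent fix moves to the bottom of the page, yet none of the added lines tells the reader which order the errata are in. Suggest stating the ordering once near the head of the list or in the commit message. Because 012 and 013 are removed at the end of this hunk and only re-added in the next one, and every other entry is a full remove-and-add, also confirm that all 22 entries survive the move with unchanged wording, including the two "NOTE: this is the second revision of the patch that fixes an additional problem." lines added here under 004 and 005.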
@@ -212,100 +200,134 @@
A source code patch exists which remedies this problem.
-
-
-010: RELIABILITY FIX: November 4, 2003
+
+
-
+012: RELIABILITY FIX: November 20, 2003
All architectures
-It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
+It is possible for a local user to cause a crash via
+sysctl(3) with certain arguments.
+
+A source code patch exists which remedies this problem.
+
+
+
-
+013: RELIABILITY FIX: November 20, 2003
+ All architectures
+An improper bounds check makes it possible for a local user to cause a crash
+by passing the
+semctl(2) and
+semop(2) functions
+certain arguments.
-
+
A source code patch exists which remedies this problem.
-
-
-009: RELIABILITY FIX: October 29, 2003
+
+
-
+014: SECURITY FIX: January 15, 2004
All architectures
-A user with write permission to httpd.conf
or a .htaccess
-file can crash
-httpd(8)
-or potentially run arbitrary code as the user www
(although it
-is believed that ProPolice will prevent code execution).
+Several message handling flaws in
+isakmpd(8)
+have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
-
+
A source code patch exists which remedies this problem.
-
-
-008: RELIABILITY FIX: October 1, 2003
+
+
-
+015: SECURITY FIX: February 5, 2004
All architectures
-It is possible for a local user to cause a system panic by flooding it with spoofed ARP
-requests.
-
+A reference counting bug exists in the
+shmat(2)
+system call that could be used by an attacker to write to kernel memory
+under certain circumstances.
+
+
A source code patch exists which remedies this problem.
-
-
-007: SECURITY FIX: October 1, 2003
+
+
-
+016: SECURITY FIX: February 8, 2004
All architectures
-The use of certain ASN.1 encodings or malformed public keys may allow an
-attacker to mount a denial of service attack against applications linked with
-ssl(3).
-This does not affect OpenSSH.
-
+An IPv6 MTU handling problem exists that could be used by an attacker
+to cause a denial of service attack against hosts with reachable IPv6
+TCP ports.
+
+
A source code patch exists which remedies this problem.
-
-
-006: SECURITY FIX: September 24, 2003
+
+
-
+017: RELIABILITY FIX: February 14, 2004
All architectures
-Three cases of potential access to freed memory have been found in
-pf(4).
-At least one of them could be used to panic pf with active scrub rules remotely.
-
+Several buffer overflows exist in the code parsing
+font.aliases files in XFree86. Thanks to ProPolice, these cannot be
+exploited to gain privileges, but they can cause the X server to abort.
+
+
A source code patch exists which remedies this problem.
-
-
-005: SECURITY FIX: September 17, 2003
+
+
-
+018: RELIABILITY FIX: March 8, 2004
All architectures
-A buffer overflow in the address parsing in
-sendmail(8)
-may allow an attacker to gain root privileges.
-
+OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
+TCP segments are queued in the system. An attacker could
+send out-of-order TCP segments and trick the system into using all
+available memory buffers.
+
+
A source code patch exists which remedies this problem.
-NOTE: this is the second revision of the patch that fixes an additional
-problem.
-
-
-004: SECURITY FIX: September 16, 2003
+
+
-
+019: SECURITY FIX: March 13, 2004
All architectures
-All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.
-It is unclear whether or not this bug is exploitable.
-
+Due to a bug in the parsing of Allow/Deny rules for
+httpd(8)'s
+access module, using IP addresses without a netmask on big endian 64-bit
+platforms causes the rules to fail to match. This only affects sparc64.
+
+
A source code patch exists which remedies this problem.
-NOTE: this is the second revision of the patch that fixes an additional
-problem.
-
-
-003: SECURITY FIX: September 10, 2003
+
+
-
+020: RELIABILITY FIX: March 17, 2004
All architectures
-Root may be able to reduce the security level by taking advantage of
-an integer overflow when the semaphore limits are made very large.
-
+Defects in the payload validation and processing functions of
+isakmpd(8)
+have been discovered. An attacker could send malformed ISAKMP messages and
+cause isakmpd to crash or to loop endlessly. This patch fixes these problems
+and removes some memory leaks.
+
+
A source code patch exists which remedies this problem.
-
-
-002: RELIABILITY FIX: August 20, 2003
+
+
-
+021: RELIABILITY FIX: March 17, 2004
All architectures
-An improper bounds check in the
-semget(2)
-system call can allow a local user to cause a kernel panic.
-
+A missing check for a NULL-pointer dereference has been found in
+ssl(3).
+A remote attacker can use the bug to cause an OpenSSL application to crash;
+this may lead to a denial of service.
+
+
A source code patch exists which remedies this problem.
-
-
-001: SECURITY FIX: August 4, 2003
+
+
-
+022: SECURITY FIX: May 5, 2004
All architectures
-An off-by-one error exists in the C library function
-realpath(3).
-Since this same bug resulted in a root compromise in the wu-ftpd ftp server
-it is possible that this bug may allow an attacker to gain escalated privileges
-on OpenBSD.
-
+Pathname validation problems have been found in
+cvs(1),
+allowing malicious clients to create files outside the repository, allowing
+malicious servers to overwrite files outside the local CVS tree on
+the client and allowing clients to check out files outside the CVS
+repository.
+
+
A source code patch exists which remedies this problem.
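Review bot: the spacing before "A source code patch exists which remedies this problem." is inconsistent after the move. As rendered here, the re-added entries 012 to 014 have a single blank line at that point, while 015 through 022 each gain two added blank lines (for example after "under certain circumstances." in 015 and after "repository." in 022). The difference is carried over from the old layout rather than introduced by this change, but a reorder-only commit is a cheap place to normalise it so every erratum uses the same separator; otherwise note it for a follow-up.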