=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** www/errata34.html 2010/03/08 21:53:37 1.47 --- www/errata34.html 2010/07/08 19:00:07 1.48 *************** *** 54,60 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 54,60 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 78,84 **** ipsec(4) credentials on a socket.
! A source code patch exists which remedies this problem.

  • --- 78,84 ---- ipsec(4) credentials on a socket.
    ! A source code patch exists which remedies this problem.

  • *************** *** 91,97 **** lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • --- 91,97 ---- lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • *************** *** 100,106 **** contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • --- 100,106 ---- contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • *************** *** 109,115 **** cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • --- 109,115 ---- cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • *************** *** 120,126 **** This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • --- 120,126 ---- This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • *************** *** 133,139 **** Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • --- 133,139 ---- Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • *************** *** 144,150 **** This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

    --- 144,150 ---- This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

    *************** *** 156,162 **** bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • --- 156,162 ---- bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • *************** *** 166,172 ****
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • --- 166,172 ----
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • *************** *** 175,181 **** encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • --- 175,181 ---- encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 188,194 **** CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • --- 188,194 ---- CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • *************** *** 200,206 **** is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • --- 200,206 ---- is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • *************** *** 210,216 **** server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 210,216 ---- server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 226,232 **** Heimdal's announcement.
    A source code patch exists which remedies this problem.

  • --- 226,232 ---- Heimdal's announcement.
    A source code patch exists which remedies this problem.

  • *************** *** 238,244 **** malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 238,244 ---- malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 246,252 **** 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • --- 246,252 ---- 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • *************** *** 254,260 **** 2004
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • --- 254,260 ---- 2004
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • *************** *** 264,270 **** gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • --- 264,270 ---- gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 277,283 **** the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

  • --- 277,283 ---- the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

  • *************** *** 288,294 **** A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    ! A source code patch exists which remedies this problem.

  • --- 288,294 ---- A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    ! A source code patch exists which remedies this problem.

  • *************** *** 300,306 **** cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
    ! A source code patch exists which remedies this problem.

  • --- 300,306 ---- cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
    ! A source code patch exists which remedies this problem.

  • *************** *** 311,317 **** access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    ! A source code patch exists which remedies the problem.

  • --- 311,317 ---- access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    ! A source code patch exists which remedies the problem.

  • *************** *** 322,328 **** send out-of-order TCP segments and trick the system into using all available memory buffers.
    ! A source code patch exists which remedies the problem.

  • --- 322,328 ---- send out-of-order TCP segments and trick the system into using all available memory buffers.
    ! A source code patch exists which remedies the problem.

  • *************** *** 332,338 **** font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    ! A source code patch exists which remedies the problem.

  • --- 332,338 ---- font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    ! A source code patch exists which remedies the problem.

  • *************** *** 341,347 **** to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
    ! A source code patch exists which remedies the problem.

  • --- 341,347 ---- to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
    ! A source code patch exists which remedies the problem.

  • *************** *** 351,357 **** system call that could be used by an attacker to write to kernel memory under certain circumstances.
    ! A source code patch exists which remedies the problem.

  • --- 351,357 ---- system call that could be used by an attacker to write to kernel memory under certain circumstances.
    ! A source code patch exists which remedies the problem.

  • *************** *** 362,368 **** includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
    ! A source code patch exists which remedies these problems.

  • --- 362,368 ---- includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
    ! A source code patch exists which remedies these problems.

  • *************** *** 373,379 **** semop(2) functions certain arguments.
    ! A source code patch exists which remedies the problem.

  • --- 373,379 ---- semop(2) functions certain arguments.
    ! A source code patch exists which remedies the problem.

  • *************** *** 381,394 **** It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
    ! A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: November 4, 2003
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    ! A source code patch exists which remedies the problem.

  • --- 381,394 ---- It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
    ! A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: November 4, 2003
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    ! A source code patch exists which remedies the problem.

  • *************** *** 399,412 **** or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    ! A source code patch exists which remedies the problem.

  • 003: RELIABILITY FIX: November 1, 2003
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    ! A source code patch exists which remedies the problem.

  • --- 399,412 ---- or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    ! A source code patch exists which remedies the problem.

  • 003: RELIABILITY FIX: November 1, 2003
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    ! A source code patch exists which remedies the problem.

  • *************** *** 415,421 **** attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
    ! A source code patch exists which remedies the problem.

  • --- 415,421 ---- attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
    ! A source code patch exists which remedies the problem.

  • *************** *** 423,432 **** The CD insert documentation has an incorrect example for package installation.
    Where it is written:

               ! # pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    It should instead read:

               ! # pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    The extra / at the end is important. We do not make patch files available for things printed on paper.

    --- 423,432 ---- The CD insert documentation has an incorrect example for package installation.
    Where it is written:

               ! # pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    It should instead read:

               ! # pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    The extra / at the end is important. We do not make patch files available for things printed on paper.
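
Review bot: The line under "Where it is written:" in the 423,432 hunk quotes the printed CD insert, so rewriting it from ftp:// to http:// makes the erratum misquote the text it is correcting (revision 1.47 had "# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386"). The entry says the paper insert cannot be patched and that the fix is only the trailing /, so the quoted line should stay as printed. If the scheme change is wanted, apply it only to the "It should instead read:" line, and say in the entry that the scheme differs from the insert so readers do not go looking for a second misprint.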

    *************** *** 444,450 **** sysctl(8) for this to happen.
    ! A source code patch exists which remedies the problem.

    --- 444,450 ---- sysctl(8) for this to happen.
    ! A source code patch exists which remedies the problem.

    *************** *** 542,548 ****


    OpenBSD www@openbsd.org !
    $OpenBSD: errata34.html,v 1.47 2010/03/08 21:53:37 deraadt Exp $ --- 542,548 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: errata34.html,v 1.48 2010/07/08 19:00:07 sthen Exp $