=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.79 retrieving revision 1.80 diff -c -r1.79 -r1.80 *** www/errata34.html 2016/08/15 02:22:06 1.79 --- www/errata34.html 2016/10/16 19:11:29 1.80 *************** *** 68,74 ****
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 68,74 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

*************** *** 94,100 **** ipsec(4) credentials on a socket.
! A source code patch exists which remedies this problem.

  • --- 94,100 ---- ipsec(4) credentials on a socket.
    ! A source code patch exists which remedies this problem.

  • *************** *** 108,114 **** lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • --- 108,114 ---- lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • *************** *** 118,124 **** contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • --- 118,124 ---- contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • *************** *** 128,134 **** cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • --- 128,134 ---- cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • *************** *** 140,146 **** This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • --- 140,146 ---- This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • *************** *** 154,160 **** Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • --- 154,160 ---- Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • *************** *** 166,172 **** This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

    --- 166,172 ---- This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

    *************** *** 179,185 **** bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • --- 179,185 ---- bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • *************** *** 190,196 ****
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • --- 190,196 ----
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • *************** *** 200,206 **** encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • --- 200,206 ---- encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 214,220 **** CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • --- 214,220 ---- CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • *************** *** 227,233 **** is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • --- 227,233 ---- is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • *************** *** 238,244 **** server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 238,244 ---- server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 253,259 **** more details see Heimdal's announcement.
    ! A source code patch exists which remedies this problem.

  • --- 253,259 ---- more details see Heimdal's announcement.
    ! A source code patch exists which remedies this problem.

  • *************** *** 265,271 **** malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 265,271 ---- malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 273,279 ****   All architectures
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • --- 273,279 ----   All architectures
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • *************** *** 281,287 ****   All architectures
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • --- 281,287 ----   All architectures
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • *************** *** 291,297 **** gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • --- 291,297 ---- gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 304,310 **** the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

  • --- 304,310 ---- the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

  • *************** *** 315,321 **** A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    ! A source code patch exists which remedies this problem.

  • --- 315,321 ---- A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    ! A source code patch exists which remedies this problem.

  • *************** *** 327,333 **** cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
    ! A source code patch exists which remedies this problem.

  • --- 327,333 ---- cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
    ! A source code patch exists which remedies this problem.

  • *************** *** 338,344 **** access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    ! A source code patch exists which remedies this problem.

  • --- 338,344 ---- access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    ! A source code patch exists which remedies this problem.

  • *************** *** 349,355 **** send out-of-order TCP segments and trick the system into using all available memory buffers.
    ! A source code patch exists which remedies this problem.

  • --- 349,355 ---- send out-of-order TCP segments and trick the system into using all available memory buffers.
    ! A source code patch exists which remedies this problem.

  • *************** *** 359,365 **** font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    ! A source code patch exists which remedies this problem.

  • --- 359,365 ---- font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    ! A source code patch exists which remedies this problem.

  • *************** *** 369,375 **** to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
    ! A source code patch exists which remedies this problem.

  • --- 369,375 ---- to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
    ! A source code patch exists which remedies this problem.

  • *************** *** 380,386 **** system call that could be used by an attacker to write to kernel memory under certain circumstances.
    ! A source code patch exists which remedies this problem.

  • --- 380,386 ---- system call that could be used by an attacker to write to kernel memory under certain circumstances.
    ! A source code patch exists which remedies this problem.

  • *************** *** 392,398 **** includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
    ! A source code patch exists which remedies this problem.

  • --- 392,398 ---- includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
    ! A source code patch exists which remedies this problem.

  • *************** *** 404,410 **** semop(2) functions certain arguments.
    ! A source code patch exists which remedies this problem.

  • --- 404,410 ---- semop(2) functions certain arguments.
    ! A source code patch exists which remedies this problem.

  • *************** *** 413,419 **** It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
    ! A source code patch exists which remedies this problem.

  • --- 413,419 ---- It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
    ! A source code patch exists which remedies this problem.

  • *************** *** 426,432 **** sysctl(8) for this to happen.
    ! A source code patch exists which remedies this problem.

  • --- 426,432 ---- sysctl(8) for this to happen.
    ! A source code patch exists which remedies this problem.

  • *************** *** 434,440 ****   All architectures
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    ! A source code patch exists which remedies this problem.

  • --- 434,440 ----   All architectures
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    ! A source code patch exists which remedies this problem.

  • *************** *** 446,452 **** or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    ! A source code patch exists which remedies this problem.

  • --- 446,452 ---- or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    ! A source code patch exists which remedies this problem.

  • *************** *** 454,460 ****   All architectures
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    ! A source code patch exists which remedies this problem.

  • --- 454,460 ----   All architectures
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    ! A source code patch exists which remedies this problem.

  • *************** *** 464,470 **** attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
    ! A source code patch exists which remedies this problem.

  • --- 464,470 ---- attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
    ! A source code patch exists which remedies this problem.

  • *************** *** 473,482 **** The CD insert documentation has an incorrect example for package installation.
    Where it is written:

               ! # pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    It should instead read:

               ! # pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    The extra / at the end is important. We do not make patch files available for things printed on paper.

    --- 473,482 ---- The CD insert documentation has an incorrect example for package installation.
    Where it is written:

               ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    It should instead read:

               ! # pkg_add https://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    The extra / at the end is important. We do not make patch files available for things printed on paper.