=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- www/errata34.html 2010/03/08 21:53:37 1.47 +++ www/errata34.html 2010/07/08 19:00:07 1.48 @@ -54,7 +54,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. @@ -78,7 +78,7 @@ ipsec(4) credentials on a socket.
- + A source code patch exists which remedies this problem.

  • @@ -91,7 +91,7 @@ lynx(1) to exhaust memory and then crash when parsing such pages.
    - + A source code patch exists which remedies this problem.

  • @@ -100,7 +100,7 @@ contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    - + A source code patch exists which remedies this problem.

  • @@ -109,7 +109,7 @@ cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    - + A source code patch exists which remedies this problem.

  • @@ -120,7 +120,7 @@ This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    - + A source code patch exists which remedies this problem.

  • @@ -133,7 +133,7 @@ Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    - + A source code patch exists which remedies this problem.

  • @@ -144,7 +144,7 @@ This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    - + A source code patch exists which remedies this problem.

    @@ -156,7 +156,7 @@ bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    - + A source code patch exists which remedies this problem.

  • @@ -166,7 +166,7 @@
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    - + A source code patch exists which remedies this problem.

  • @@ -175,7 +175,7 @@ encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    - + A source code patch exists which remedies this problem.

  • @@ -188,7 +188,7 @@ CAN-2004-0488, CAN-2004-0492.
    - + A source code patch exists which remedies this problem.

  • @@ -200,7 +200,7 @@ is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    - + A source code patch exists which remedies this problem.

  • @@ -210,7 +210,7 @@ server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    - + A source code patch exists which remedies this problem.

  • @@ -226,7 +226,7 @@ Heimdal's announcement.
    +href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/022_kerberos.patch"> A source code patch exists which remedies this problem.

  • @@ -238,7 +238,7 @@ malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    - + A source code patch exists which remedies this problem.

  • @@ -246,7 +246,7 @@ 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    - + A source code patch exists which remedies this problem.

  • @@ -254,7 +254,7 @@ 2004
    Reply to in-window SYN with a rate-limited ACK.
    - + A source code patch exists which remedies this problem.

  • @@ -264,7 +264,7 @@ gdt(4) controllers will lock up.
    - + A source code patch exists which remedies this problem.

  • @@ -277,7 +277,7 @@ the client and allowing clients to check out files outside the CVS repository.
    - + A source code patch exists which remedies this problem.

  • @@ -288,7 +288,7 @@ A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    - + A source code patch exists which remedies this problem.

  • @@ -300,7 +300,7 @@ cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks.
    - + A source code patch exists which remedies this problem.

  • @@ -311,7 +311,7 @@ access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    - + A source code patch exists which remedies the problem.

  • @@ -322,7 +322,7 @@ send out-of-order TCP segments and trick the system into using all available memory buffers.
    - + A source code patch exists which remedies the problem.

  • @@ -332,7 +332,7 @@ font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    - + A source code patch exists which remedies the problem.

  • @@ -341,7 +341,7 @@ to cause a denial of service attack against hosts with reachable IPv6 TCP ports.
    - + A source code patch exists which remedies the problem.

  • @@ -351,7 +351,7 @@ system call that could be used by an attacker to write to kernel memory under certain circumstances.
    - + A source code patch exists which remedies the problem.

  • @@ -362,7 +362,7 @@ includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed.
    - + A source code patch exists which remedies these problems.

  • @@ -373,7 +373,7 @@ semop(2) functions certain arguments.
    - + A source code patch exists which remedies the problem.

  • @@ -381,14 +381,14 @@ It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
    - + A source code patch exists which remedies the problem.

  • 005: RELIABILITY FIX: November 4, 2003
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    - + A source code patch exists which remedies the problem.

  • @@ -399,14 +399,14 @@ or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    - + A source code patch exists which remedies the problem.

  • 003: RELIABILITY FIX: November 1, 2003
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    - + A source code patch exists which remedies the problem.

  • @@ -415,7 +415,7 @@ attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
    - + A source code patch exists which remedies the problem.

  • @@ -423,10 +423,10 @@ The CD insert documentation has an incorrect example for package installation.
    Where it is written:

               -# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    +# pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386

    It should instead read:

               -# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    +# pkg_add http://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/

    The extra / at the end is important. We do not make patch files available for things printed on paper.

    @@ -444,7 +444,7 @@ sysctl(8) for this to happen.
    - + A source code patch exists which remedies the problem.

    @@ -542,7 +542,7 @@

    OpenBSD www@openbsd.org -
    $OpenBSD: errata34.html,v 1.47 2010/03/08 21:53:37 deraadt Exp $ +
    $OpenBSD: errata34.html,v 1.48 2010/07/08 19:00:07 sthen Exp $