=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- www/errata34.html 2014/03/28 03:04:30 1.58 +++ www/errata34.html 2014/03/31 03:12:47 1.59 @@ -6,7 +6,6 @@ - @@ -65,13 +64,16 @@ You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. +

-

The patches below are available in CVS via the +The patches below are available in CVS via the OPENBSD_3_4 patch branch. -

+ For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ. +

+


@@ -87,7 +89,7 @@ credentials on a socket.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.

  • 034: RELIABILITY FIX: November 10, 2004
    @@ -100,7 +102,7 @@ to exhaust memory and then crash when parsing such pages.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 033: RELIABILITY FIX: November 10, 2004
    @@ -109,7 +111,7 @@ be used to deny service to other users.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 032: RELIABILITY FIX: November 10, 2004
    @@ -118,7 +120,7 @@ thus slow DNS queries.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 031: SECURITY FIX: September 20, 2004
    @@ -129,7 +131,7 @@ attacker. Note that OpenBSD does not ship with radius authentication enabled.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 030: SECURITY FIX: September 16, 2004
    @@ -142,7 +144,7 @@ an application that handles XPM images, if they could escape ProPolice.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 029: SECURITY FIX: September 10, 2004
    @@ -153,7 +155,7 @@ dbm file.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -165,7 +167,7 @@ with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 027: RELIABILITY FIX: August 25, 2004
    @@ -175,7 +177,7 @@ http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 026: RELIABILITY FIX: Jul 25, 2004
    @@ -184,7 +186,7 @@ manifested itself as a FPU related crash on boot up.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 025: SECURITY FIX: June 12, 2004
    @@ -197,7 +199,7 @@ CAN-2004-0492.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 024: SECURITY FIX: June 10, 2004
    @@ -209,7 +211,7 @@ tunnels at will.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 023: SECURITY FIX: June 9, 2004
    @@ -219,13 +221,12 @@ code with the same privileges as the CVS server program.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -022: SECURITY FIX: May 30, -2004
    -A flaw in the Kerberos V kdc(8) +022: SECURITY FIX: May 30, 2004
    +A flaw in the Kerberos V +kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to @@ -233,13 +234,11 @@ more details see Heimdal's announcement.
    - -A source code patch exists which remedies this problem.
    + +A source code patch exists which remedies this problem.

  • -021: SECURITY FIX: May 20, -2004
    +021: SECURITY FIX: May 20, 2004
    A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending @@ -247,37 +246,33 @@ with the same privileges as the CVS server program.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -020: SECURITY FIX: May 13, -2004
    +020: SECURITY FIX: May 13, 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -019: RELIABILITY FIX: May 6, -2004
    +019: RELIABILITY FIX: May 6, 2004
    Reply to in-window SYN with a rate-limited ACK.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -018: RELIABILITY FIX: May 5, -2004
    +018: RELIABILITY FIX: May 5, 2004
    Under load "recent model" gdt(4) controllers will lock up.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -017: SECURITY FIX: May 5, -2004
    +017: SECURITY FIX: May 5, 2004
    Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing @@ -286,22 +281,20 @@ repository.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -016: RELIABILITY FIX: March 17, -2004
    +016: RELIABILITY FIX: March 17, 2004
    A missing check for a NULL-pointer dereference has been found in ssl(3). A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -015: RELIABILITY FIX: March 17, -2004
    +015: RELIABILITY FIX: March 17, 2004
    Defects in the payload validation and processing functions of isakmpd(8) have been discovered. An attacker could send malformed ISAKMP messages and @@ -309,39 +302,36 @@ and removes some memory leaks.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -014: SECURITY FIX: March 13, -2004
    +014: SECURITY FIX: March 13, 2004
    Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • -013: RELIABILITY FIX: March 8, -2004
    +013: RELIABILITY FIX: March 8, 2004
    OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could send out-of-order TCP segments and trick the system into using all available memory buffers.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • -012: RELIABILITY FIX: February 14, -2004
    +012: RELIABILITY FIX: February 14, 2004
    Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 011: SECURITY FIX: February 8, 2004
    @@ -350,7 +340,7 @@ TCP ports.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 010: SECURITY FIX: February 5, 2004
    @@ -360,7 +350,7 @@ under certain circumstances.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 009: SECURITY FIX: January 13, 2004
    @@ -371,7 +361,7 @@ installed.
    -A source code patch exists which remedies these problems.
    +A source code patch exists which remedies this problem.

  • 008: RELIABILITY FIX: November 20, 2003
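
Review bot: In the 009 entry, replacing "remedies these problems" with "remedies this problem" changes the meaning rather than only the wording, since the plural indicates the erratum covers more than one issue. Keep "these problems" for this entry, or confirm that it describes a single flaw before normalizing it along with the others.
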
    @@ -382,7 +372,7 @@ certain arguments.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 007: RELIABILITY FIX: November 20, 2003
    @@ -390,14 +380,14 @@ sysctl(3) with certain arguments.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 005: RELIABILITY FIX: November 4, 2003
    It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 004: RELIABILITY FIX: November 1, 2003
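
Review bot: The context of the -390,14 hunk runs from 007 straight to 005, so there is no 006 entry at this point in the list. Since this revision is already tidying the page, confirm that 006 is listed elsewhere on it, so the numbering gap is not read as a missing patch.
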
    @@ -408,14 +398,14 @@ is believed that ProPolice will prevent code execution).
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 003: RELIABILITY FIX: November 1, 2003
    It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 002: SECURITY FIX: November 1, 2003
    @@ -424,7 +414,7 @@ ssl(3). This does not affect OpenSSH.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

  • 001: DOCUMENTATION FIX: November 1, 2003
    @@ -453,62 +443,10 @@ for this to happen.
    -A source code patch exists which remedies the problem.
    +A source code patch exists which remedies this problem.

    - -

    alpha

    - -

    - -

    mac68k

    - -

    - -

    sparc

    - -

    - -

    sparc64

    - -

    - -

    hppa

    - -

    - -

    hp300

    - -

    - -

    mvme68k

    - -

    - -

    macppc

    - -

    - -

    vax

    -
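
Review bot: The final hunk (-453,62 +443,10) deletes the per-architecture headings (alpha, mac68k, sparc, sparc64, hppa, hp300, mvme68k, macppc, vax) in the same commit as the wording cleanup. Check that none of those sections carried an erratum and that nothing still refers to them, and consider committing the removal separately so the log records it on its own.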