===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- www/errata34.html 2014/03/28 03:04:30 1.58
+++ www/errata34.html 2014/03/31 03:12:47 1.59
@@ -6,7 +6,6 @@
-
@@ -65,13 +64,16 @@
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
+
-
The patches below are available in CVS via the
+The patches below are available in CVS via the
OPENBSD_3_4
patch branch.
-
+
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
+
+
@@ -87,7 +89,7 @@
credentials on a socket.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
034: RELIABILITY FIX: November 10, 2004
@@ -100,7 +102,7 @@
to exhaust memory and then crash when parsing such pages.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
033: RELIABILITY FIX: November 10, 2004
@@ -109,7 +111,7 @@
be used to deny service to other users.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
032: RELIABILITY FIX: November 10, 2004
@@ -118,7 +120,7 @@
thus slow DNS queries.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
031: SECURITY FIX: September 20, 2004
@@ -129,7 +131,7 @@
attacker. Note that OpenBSD does not ship with radius authentication enabled.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
030: SECURITY FIX: September 16, 2004
@@ -142,7 +144,7 @@
an application that handles XPM images, if they could escape ProPolice.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
029: SECURITY FIX: September 10, 2004
@@ -153,7 +155,7 @@
dbm file.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
@@ -165,7 +167,7 @@
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
027: RELIABILITY FIX: August 25, 2004
@@ -175,7 +177,7 @@
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
026: RELIABILITY FIX: Jul 25, 2004
@@ -184,7 +186,7 @@
manifested itself as a FPU related crash on boot up.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
025: SECURITY FIX: June 12, 2004
@@ -197,7 +199,7 @@
CAN-2004-0492.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
024: SECURITY FIX: June 10, 2004
@@ -209,7 +211,7 @@
tunnels at will.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
023: SECURITY FIX: June 9, 2004
@@ -219,13 +221,12 @@
code with the same privileges as the CVS server program.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-022: SECURITY FIX: May 30,
-2004
-A flaw in the Kerberos V kdc(8)
+022: SECURITY FIX: May 30, 2004
+A flaw in the Kerberos V
+kdc(8)
server could result in the administrator of a Kerberos realm having
the ability to impersonate any principal in any other realm which
has established a cross-realm trust with their realm. The flaw is due to
@@ -233,13 +234,11 @@
more details see
Heimdal's announcement.
-
-A source code patch exists which remedies this problem.
+
+A source code patch exists which remedies this problem.
-021: SECURITY FIX: May 20,
-2004
+021: SECURITY FIX: May 20, 2004
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
@@ -247,37 +246,33 @@
with the same privileges as the CVS server program.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-020: SECURITY FIX: May 13,
-2004
+020: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-019: RELIABILITY FIX: May 6,
-2004
+019: RELIABILITY FIX: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-018: RELIABILITY FIX: May 5,
-2004
+018: RELIABILITY FIX: May 5, 2004
Under load "recent model"
gdt(4)
controllers will lock up.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-017: SECURITY FIX: May 5,
-2004
+017: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
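Review bot: entries 020 and 019 in this hunk state the fix rather than the defect ("Check for integer overflow in procfs.", "Reply to in-window SYN with a rate-limited ACK."), so the closing "remedies this problem" has nothing to refer to. Since these entries are already being reflowed, add one sentence to each naming the problem and its impact, in the same form the other entries use.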
@@ -286,22 +281,20 @@
repository.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-016: RELIABILITY FIX: March 17,
-2004
+016: RELIABILITY FIX: March 17, 2004
A missing check for a NULL-pointer dereference has been found in
ssl(3).
A remote attacker can use the bug to cause an OpenSSL application to crash;
this may lead to a denial of service.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-015: RELIABILITY FIX: March 17,
-2004
+015: RELIABILITY FIX: March 17, 2004
Defects in the payload validation and processing functions of
isakmpd(8)
have been discovered. An attacker could send malformed ISAKMP messages and
@@ -309,39 +302,36 @@
and removes some memory leaks.
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
-014: SECURITY FIX: March 13,
-2004
+014: SECURITY FIX: March 13, 2004
Due to a bug in the parsing of Allow/Deny rules for
httpd(8)'s
access module, using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects sparc64.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
-013: RELIABILITY FIX: March 8,
-2004
+013: RELIABILITY FIX: March 8, 2004
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
TCP segments are queued in the system. An attacker could
send out-of-order TCP segments and trick the system into using all
available memory buffers.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
-012: RELIABILITY FIX: February 14,
-2004
+012: RELIABILITY FIX: February 14, 2004
Several buffer overflows exist in the code parsing
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
011: SECURITY FIX: February 8, 2004
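Review bot: entry 014 in this hunk says the Allow/Deny rules "fail to match" but not what that means for access, and the hunk only touches its closing sentence. For a SECURITY FIX entry, a reader needs to know whether a non-matching rule leaves a resource open or closed, so state the effect in the entry text while it is being edited. The same hunk also puts the singular "this problem" under 012, which describes "Several buffer overflows".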
@@ -350,7 +340,7 @@
TCP ports.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
010: SECURITY FIX: February 5, 2004
@@ -360,7 +350,7 @@
under certain circumstances.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
009: SECURITY FIX: January 13, 2004
@@ -371,7 +361,7 @@
installed.
-A source code patch exists which remedies these problems.
+A source code patch exists which remedies this problem.
008: RELIABILITY FIX: November 20, 2003
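Review bot: the closing sentence of entry 009 changes from "remedies these problems" to "remedies this problem", which alters the wording rather than only the markup. If the entry describes more than one issue, keep the plural instead of normalizing it to the boilerplate sentence used elsewhere.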
@@ -382,7 +372,7 @@
certain arguments.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
007: RELIABILITY FIX: November 20, 2003
@@ -390,14 +380,14 @@
sysctl(3) with certain arguments.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
005: RELIABILITY FIX: November 4, 2003
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
004: RELIABILITY FIX: November 1, 2003
@@ -408,14 +398,14 @@
is believed that ProPolice will prevent code execution).
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
003: RELIABILITY FIX: November 1, 2003
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
002: SECURITY FIX: November 1, 2003
@@ -424,7 +414,7 @@
ssl(3).
This does not affect OpenSSH.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
001: DOCUMENTATION FIX: November 1, 2003
@@ -453,62 +443,10 @@
for this to happen.
-A source code patch exists which remedies the problem.
+A source code patch exists which remedies this problem.
-
-
alpha
-
-- No problems identified yet.
-
-
-
-
mac68k
-
-- No problems identified yet.
-
-
-
-
sparc
-
-- No problems identified yet.
-
-
-
-
sparc64
-
-- No problems identified yet.
-
-
-
-
hppa
-
-- No problems identified yet.
-
-
-
-
hp300
-
-- No problems identified yet.
-
-
-
-
mvme68k
-
-- No problems identified yet.
-
-
-
-
macppc
-
-- No problems identified yet.
-
-
-
-
vax
-
-- No problems identified yet.
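Review bot: with the per-platform "No problems identified yet." lists removed at the end of this hunk, the entry text becomes the only place where architecture applicability is recorded, as in 014's "This only affects sparc64". Check that every platform-specific entry states its affected architecture in the text, and that no platform heading (alpha, mac68k, sparc, ...) is left behind with an empty body after the list items are dropped.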