===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- www/errata34.html 2014/03/31 04:11:40 1.61
+++ www/errata34.html 2014/03/31 16:02:48 1.62
@@ -78,7 +78,8 @@
-
-035: SECURITY FIX: December 13, 2004 All architectures
+035: SECURITY FIX: December 13, 2004
+ All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
@@ -90,7 +91,8 @@
A source code patch exists which remedies this problem.
-
-034: RELIABILITY FIX: November 10, 2004 All architectures
+034: RELIABILITY FIX: November 10, 2004
+ All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
@@ -103,7 +105,8 @@
A source code patch exists which remedies this problem.
-
-033: RELIABILITY FIX: November 10, 2004 All architectures
+033: RELIABILITY FIX: November 10, 2004
+ All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
@@ -112,7 +115,8 @@
A source code patch exists which remedies this problem.
-
-032: RELIABILITY FIX: November 10, 2004 All architectures
+032: RELIABILITY FIX: November 10, 2004
+ All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
@@ -121,7 +125,8 @@
A source code patch exists which remedies this problem.
-
-031: SECURITY FIX: September 20, 2004 All architectures
+031: SECURITY FIX: September 20, 2004
+ All architectures
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
@@ -132,7 +137,8 @@
A source code patch exists which remedies this problem.
-
-030: SECURITY FIX: September 16, 2004 All architectures
+030: SECURITY FIX: September 16, 2004
+ All architectures
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
@@ -145,7 +151,8 @@
A source code patch exists which remedies this problem.
-
-029: SECURITY FIX: September 10, 2004 All architectures
+029: SECURITY FIX: September 10, 2004
+ All architectures
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
@@ -157,7 +164,8 @@
-
-028: RELIABILITY FIX: August 26, 2004 All architectures
+028: RELIABILITY FIX: August 26, 2004
+ All architectures
As
reported
by Vafa Izadinia
@@ -168,7 +176,8 @@
A source code patch exists which remedies this problem.
-
-027: RELIABILITY FIX: August 25, 2004 All architectures
+027: RELIABILITY FIX: August 25, 2004
+ All architectures
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
@@ -178,7 +187,8 @@
A source code patch exists which remedies this problem.
-
-026: RELIABILITY FIX: Jul 25, 2004 All architectures
+026: RELIABILITY FIX: Jul 25, 2004
+ All architectures
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
@@ -187,7 +197,8 @@
A source code patch exists which remedies this problem.
-
-025: SECURITY FIX: June 12, 2004 All architectures
+025: SECURITY FIX: June 12, 2004
+ All architectures
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
@@ -200,7 +211,8 @@
A source code patch exists which remedies this problem.
-
-024: SECURITY FIX: June 10, 2004 All architectures
+024: SECURITY FIX: June 10, 2004
+ All architectures
As
disclosed
by Thomas Walpuski
@@ -212,7 +224,8 @@
A source code patch exists which remedies this problem.
-
-023: SECURITY FIX: June 9, 2004 All architectures
+023: SECURITY FIX: June 9, 2004
+ All architectures
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
@@ -222,7 +235,8 @@
A source code patch exists which remedies this problem.
-
-022: SECURITY FIX: May 30, 2004 All architectures
+022: SECURITY FIX: May 30, 2004
+ All architectures
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
@@ -236,7 +250,8 @@
A source code patch exists which remedies this problem.
-
-021: SECURITY FIX: May 20, 2004 All architectures
+021: SECURITY FIX: May 20, 2004
+ All architectures
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
@@ -247,21 +262,24 @@
A source code patch exists which remedies this problem.
-
-020: SECURITY FIX: May 13, 2004 All architectures
+020: SECURITY FIX: May 13, 2004
+ All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
-019: RELIABILITY FIX: May 6, 2004 All architectures
+019: RELIABILITY FIX: May 6, 2004
+ All architectures
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
-018: RELIABILITY FIX: May 5, 2004 All architectures
+018: RELIABILITY FIX: May 5, 2004
+ All architectures
Under load "recent model"
gdt(4)
controllers will lock up.
@@ -270,7 +288,8 @@
A source code patch exists which remedies this problem.
-
-017: SECURITY FIX: May 5, 2004 All architectures
+017: SECURITY FIX: May 5, 2004
+ All architectures
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
@@ -282,7 +301,8 @@
A source code patch exists which remedies this problem.
-
-016: RELIABILITY FIX: March 17, 2004 All architectures
+016: RELIABILITY FIX: March 17, 2004
+ All architectures
A missing check for a NULL-pointer dereference has been found in
ssl(3).
A remote attacker can use the bug to cause an OpenSSL application to crash;
@@ -292,7 +312,8 @@
A source code patch exists which remedies this problem.
-
-015: RELIABILITY FIX: March 17, 2004 All architectures
+015: RELIABILITY FIX: March 17, 2004
+ All architectures
Defects in the payload validation and processing functions of
isakmpd(8)
have been discovered. An attacker could send malformed ISAKMP messages and
@@ -303,7 +324,8 @@
A source code patch exists which remedies this problem.
-
-014: SECURITY FIX: March 13, 2004 All architectures
+014: SECURITY FIX: March 13, 2004
+ All architectures
Due to a bug in the parsing of Allow/Deny rules for
httpd(8)'s
access module, using IP addresses without a netmask on big endian 64-bit
@@ -313,7 +335,8 @@
A source code patch exists which remedies this problem.
-
-013: RELIABILITY FIX: March 8, 2004 All architectures
+013: RELIABILITY FIX: March 8, 2004
+ All architectures
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
TCP segments are queued in the system. An attacker could
send out-of-order TCP segments and trick the system into using all
@@ -323,7 +346,8 @@
A source code patch exists which remedies this problem.
-
-012: RELIABILITY FIX: February 14, 2004 All architectures
+012: RELIABILITY FIX: February 14, 2004
+ All architectures
Several buffer overflows exist in the code parsing
font.aliases files in XFree86. Thanks to ProPolice, these cannot be
exploited to gain privileges, but they can cause the X server to abort.
@@ -332,7 +356,8 @@
A source code patch exists which remedies this problem.
-
-011: SECURITY FIX: February 8, 2004 All architectures
+011: SECURITY FIX: February 8, 2004
+ All architectures
An IPv6 MTU handling problem exists that could be used by an attacker
to cause a denial of service attack against hosts with reachable IPv6
TCP ports.
@@ -341,7 +366,8 @@
A source code patch exists which remedies this problem.
-
-010: SECURITY FIX: February 5, 2004 All architectures
+010: SECURITY FIX: February 5, 2004
+ All architectures
A reference counting bug exists in the
shmat(2)
system call that could be used by an attacker to write to kernel memory
@@ -351,7 +377,8 @@
A source code patch exists which remedies this problem.
-
-009: SECURITY FIX: January 13, 2004 All architectures
+009: SECURITY FIX: January 13, 2004
+ All architectures
Several message handling flaws in
isakmpd(8)
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also
@@ -362,7 +389,8 @@
A source code patch exists which remedies this problem.
-
-008: RELIABILITY FIX: November 20, 2003 All architectures
+008: RELIABILITY FIX: November 20, 2003
+ All architectures
An improper bounds check makes it possible for a local user to cause a crash
by passing the
semctl(2) and
@@ -373,7 +401,8 @@
A source code patch exists which remedies this problem.
-
-007: RELIABILITY FIX: November 20, 2003 All architectures
+007: RELIABILITY FIX: November 20, 2003
+ All architectures
It is possible for a local user to cause a crash via
sysctl(3) with certain arguments.
@@ -381,7 +410,8 @@
A source code patch exists which remedies this problem.
-
-006: SECURITY FIX: November 17, 2003 i386 only
+006: SECURITY FIX: November 17, 2003
+ i386 only
It may be possible for a local user to overrun the stack in
compat_ibcs2(8).
ProPolice catches this, turning a potential privilege escalation into a denial
@@ -393,14 +423,16 @@
A source code patch exists which remedies this problem.
-
-005: RELIABILITY FIX: November 4, 2003 All architectures
+005: RELIABILITY FIX: November 4, 2003
+ All architectures
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
A source code patch exists which remedies this problem.
-
-004: RELIABILITY FIX: November 1, 2003 All architectures
+004: RELIABILITY FIX: November 1, 2003
+ All architectures
A user with write permission to httpd.conf or a .htaccess
file can crash
httpd(8)
@@ -411,14 +443,16 @@
A source code patch exists which remedies this problem.
-
-003: RELIABILITY FIX: November 1, 2003 All architectures
+003: RELIABILITY FIX: November 1, 2003
+ All architectures
It is possible for a local user to cause a system panic by flooding it with spoofed ARP
requests.
A source code patch exists which remedies this problem.
-
-002: SECURITY FIX: November 1, 2003 All architectures
+002: SECURITY FIX: November 1, 2003
+ All architectures
The use of certain ASN.1 encodings or malformed public keys may allow an
attacker to mount a denial of service attack against applications linked with
ssl(3).
@@ -427,7 +461,8 @@
A source code patch exists which remedies this problem.
-
-001: DOCUMENTATION FIX: November 1, 2003 All architectures
+001: DOCUMENTATION FIX: November 1, 2003
+ All architectures
The CD insert documentation has an incorrect example for package installation.
Where it is written: