=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.35 retrieving revision 1.36 diff -c -r1.35 -r1.36 *** www/errata35.html 2010/03/08 21:53:37 1.35 --- www/errata35.html 2010/07/08 19:00:07 1.36 *************** *** 54,60 ****
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 54,60 ----
! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 77,83 **** CAN-2005-0753 .
! A source code patch exists which remedies this problem.

--- 77,83 ---- CAN-2005-0753 .
! A source code patch exists which remedies this problem.

*************** *** 87,93 **** tcp(4) timestamps.
! A source code patch exists which remedies this problem.

--- 87,93 ---- tcp(4) timestamps.
! A source code patch exists which remedies this problem.

*************** *** 100,106 **** telnet(1) .
! A source code patch exists which remedies this problem.

--- 100,106 ---- telnet(1) .
! A source code patch exists which remedies this problem.

*************** *** 111,117 **** stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.

--- 111,117 ---- stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.

*************** *** 124,130 **** retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.

--- 124,130 ---- retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.

*************** *** 138,144 **** This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
! A source code patch exists which remedies this problem.

--- 138,144 ---- This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
! A source code patch exists which remedies this problem.

*************** *** 149,155 **** library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.

--- 149,155 ---- library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.

*************** *** 162,168 **** ipsec(4) credentials on a socket.
! A source code patch exists which remedies this problem.

  • --- 162,168 ---- ipsec(4) credentials on a socket.
    ! A source code patch exists which remedies this problem.

  • *************** *** 175,181 **** lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • --- 175,181 ---- lynx(1) to exhaust memory and then crash when parsing such pages.
    ! A source code patch exists which remedies this problem.

  • *************** *** 184,190 **** contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • --- 184,190 ---- contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    ! A source code patch exists which remedies this problem.

  • *************** *** 193,199 **** cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • --- 193,199 ---- cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    ! A source code patch exists which remedies this problem.

  • *************** *** 204,210 **** This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • --- 204,210 ---- This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    ! A source code patch exists which remedies this problem.

  • *************** *** 217,223 **** Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • --- 217,223 ---- Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    ! A source code patch exists which remedies this problem.

  • *************** *** 228,234 **** This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

  • --- 228,234 ---- This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    ! A source code patch exists which remedies this problem.

  • *************** *** 238,244 **** CAN-2004-0797 .
    ! A source code patch exists which remedies this problem.

  • --- 238,244 ---- CAN-2004-0797 .
    ! A source code patch exists which remedies this problem.

  • *************** *** 249,255 **** bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • --- 249,255 ---- bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    ! A source code patch exists which remedies this problem.

  • *************** *** 259,265 ****
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • --- 259,265 ----
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    ! A source code patch exists which remedies this problem.

  • *************** *** 268,274 **** encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • --- 268,274 ---- encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 281,287 **** CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • --- 281,287 ---- CAN-2004-0488, CAN-2004-0492.
    ! A source code patch exists which remedies this problem.

  • *************** *** 293,299 **** is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • --- 293,299 ---- is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    ! A source code patch exists which remedies this problem.

  • *************** *** 303,309 **** server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 303,309 ---- server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 313,319 **** One program affected by this is the qmail mail server which could go into an infinite loop and consume all CPU.
    ! A source code patch exists which remedies this problem.

  • --- 313,319 ---- One program affected by this is the qmail mail server which could go into an infinite loop and consume all CPU.
    ! A source code patch exists which remedies this problem.

  • *************** *** 329,335 **** Heimdal's announcement.
    A source code patch exists which remedies this problem.

  • --- 329,335 ---- Heimdal's announcement.
    A source code patch exists which remedies this problem.

  • *************** *** 345,351 **** bugzilla for details.
    A source code patch exists which remedies this problem.

  • --- 345,351 ---- bugzilla for details.
    A source code patch exists which remedies this problem.

  • *************** *** 357,363 **** malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • --- 357,363 ---- malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    ! A source code patch exists which remedies this problem.

  • *************** *** 365,371 **** 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • --- 365,371 ---- 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    ! A source code patch exists which remedies this problem.

  • *************** *** 373,379 **** 2004
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • --- 373,379 ---- 2004
    Reply to in-window SYN with a rate-limited ACK.
    ! A source code patch exists which remedies this problem.

  • *************** *** 385,391 **** iha(4) ).
    ! A source code patch exists which remedies this problem.

  • --- 385,391 ---- iha(4) ).
    ! A source code patch exists which remedies this problem.

  • *************** *** 395,401 **** gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • --- 395,401 ---- gdt(4) controllers will lock up.
    ! A source code patch exists which remedies this problem.

  • *************** *** 408,414 **** the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

    --- 408,414 ---- the client and allowing clients to check out files outside the CVS repository.
    ! A source code patch exists which remedies this problem.

    *************** *** 422,428 **** copy(9) functions to prevent their misuse.
    ! A source code patch exists which remedies this problem.

    --- 422,428 ---- copy(9) functions to prevent their misuse.
    ! A source code patch exists which remedies this problem.

    *************** *** 442,448 **** copy(9) functions to prevent their misuse.
    ! A source code patch exists which remedies this problem.

    --- 442,448 ---- copy(9) functions to prevent their misuse.
    ! A source code patch exists which remedies this problem.

    *************** *** 551,557 ****

    OpenBSD www@openbsd.org !
    $OpenBSD: errata35.html,v 1.35 2010/03/08 21:53:37 deraadt Exp $ --- 551,557 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: errata35.html,v 1.36 2010/07/08 19:00:07 sthen Exp $