===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.46
retrieving revision 1.47
diff -c -r1.46 -r1.47
*** www/errata35.html 2014/03/28 03:04:30 1.46
--- www/errata35.html 2014/03/31 03:12:47 1.47
***************
*** 6,12 ****
-
--- 6,11 ----
***************
*** 65,77 ****
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
!
The patches below are available in CVS via the
OPENBSD_3_5
patch branch.
-
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
--- 64,79 ----
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
+
! The patches below are available in CVS via the
OPENBSD_3_5
patch branch.
+
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
+
+
***************
*** 86,92 ****
.
! A source code patch exists which remedies this problem.
--- 88,94 ----
.
! A source code patch exists which remedies this problem.
***************
*** 96,102 ****
timestamps.
! A source code patch exists which remedies this problem.
--- 98,104 ----
timestamps.
! A source code patch exists which remedies this problem.
***************
*** 109,115 ****
.
! A source code patch exists which remedies this problem.
--- 111,117 ----
.
! A source code patch exists which remedies this problem.
***************
*** 120,126 ****
invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.
--- 122,128 ----
invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.
***************
*** 133,139 ****
timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.
--- 135,141 ----
timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.
***************
*** 147,153 ****
includes and making use of a malicious document.
! A source code patch exists which remedies this problem.
--- 149,155 ----
includes and making use of a malicious document.
! A source code patch exists which remedies this problem.
***************
*** 158,164 ****
to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.
--- 160,166 ----
to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.
***************
*** 171,177 ****
credentials on a socket.
! A source code patch exists which remedies this problem.
023: RELIABILITY FIX: November 10, 2004
--- 173,179 ----
credentials on a socket.
! A source code patch exists which remedies this problem.
023: RELIABILITY FIX: November 10, 2004
***************
*** 184,190 ****
to exhaust memory and then crash when parsing such pages.
! A source code patch exists which remedies this problem.
022: RELIABILITY FIX: November 10, 2004
--- 186,192 ----
to exhaust memory and then crash when parsing such pages.
! A source code patch exists which remedies this problem.
022: RELIABILITY FIX: November 10, 2004
***************
*** 193,199 ****
be used to deny service to other users.
! A source code patch exists which remedies this problem.
021: RELIABILITY FIX: November 10, 2004
--- 195,201 ----
be used to deny service to other users.
! A source code patch exists which remedies this problem.
021: RELIABILITY FIX: November 10, 2004
***************
*** 202,208 ****
thus slow DNS queries.
! A source code patch exists which remedies this problem.
020: SECURITY FIX: September 20, 2004
--- 204,210 ----
thus slow DNS queries.
! A source code patch exists which remedies this problem.
020: SECURITY FIX: September 20, 2004
***************
*** 213,219 ****
attacker. Note that OpenBSD does not ship with radius authentication enabled.
! A source code patch exists which remedies this problem.
019: SECURITY FIX: September 16, 2004
--- 215,221 ----
attacker. Note that OpenBSD does not ship with radius authentication enabled.
! A source code patch exists which remedies this problem.
019: SECURITY FIX: September 16, 2004
***************
*** 226,232 ****
an application that handles XPM images, if they could escape ProPolice.
! A source code patch exists which remedies this problem.
018: SECURITY FIX: September 10, 2004
--- 228,234 ----
an application that handles XPM images, if they could escape ProPolice.
! A source code patch exists which remedies this problem.
018: SECURITY FIX: September 10, 2004
***************
*** 237,243 ****
dbm file.
! A source code patch exists which remedies this problem.
017: RELIABILITY FIX: August 29, 2004
--- 239,245 ----
dbm file.
! A source code patch exists which remedies this problem.
017: RELIABILITY FIX: August 29, 2004
***************
*** 247,253 ****
.
! A source code patch exists which remedies this problem.
016: RELIABILITY FIX: August 26, 2004
--- 249,255 ----
.
! A source code patch exists which remedies this problem.
016: RELIABILITY FIX: August 26, 2004
***************
*** 258,264 ****
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
! A source code patch exists which remedies this problem.
015: RELIABILITY FIX: August 25, 2004
--- 260,266 ----
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
! A source code patch exists which remedies this problem.
015: RELIABILITY FIX: August 25, 2004
***************
*** 268,274 ****
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
! A source code patch exists which remedies this problem.
014: RELIABILITY FIX: July 25, 2004
--- 270,276 ----
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
! A source code patch exists which remedies this problem.
014: RELIABILITY FIX: July 25, 2004
***************
*** 277,283 ****
manifested itself as a FPU related crash on boot up.
! A source code patch exists which remedies this problem.
013: SECURITY FIX: June 12, 2004
--- 279,285 ----
manifested itself as a FPU related crash on boot up.
! A source code patch exists which remedies this problem.
013: SECURITY FIX: June 12, 2004
***************
*** 290,296 ****
CAN-2004-0492.
! A source code patch exists which remedies this problem.
012: SECURITY FIX: June 10, 2004
--- 292,298 ----
CAN-2004-0492.
! A source code patch exists which remedies this problem.
012: SECURITY FIX: June 10, 2004
***************
*** 302,308 ****
tunnels at will.
! A source code patch exists which remedies this problem.
011: SECURITY FIX: June 9, 2004
--- 304,310 ----
tunnels at will.
! A source code patch exists which remedies this problem.
011: SECURITY FIX: June 9, 2004
***************
*** 312,318 ****
code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.
010: RELIABILITY FIX: June 9, 2004
--- 314,320 ----
code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.
010: RELIABILITY FIX: June 9, 2004
***************
*** 322,334 ****
mail server which could go into an infinite loop and consume all CPU.
! A source code patch exists which remedies this problem.
! 009: SECURITY FIX: May 30,
! 2004
! A flaw in the Kerberos V kdc(8)
server could result in the administrator of a Kerberos realm having
the ability to impersonate any principal in any other realm which
has established a cross-realm trust with their realm. The flaw is due to
--- 324,335 ----
mail server which could go into an infinite loop and consume all CPU.
! A source code patch exists which remedies this problem.
! 009: SECURITY FIX: May 30, 2004
! A flaw in the Kerberos V
! kdc(8)
server could result in the administrator of a Kerberos realm having
the ability to impersonate any principal in any other realm which
has established a cross-realm trust with their realm. The flaw is due to
***************
*** 336,364 ****
more details see
Heimdal's announcement.
!
! A source code patch exists which remedies this problem.
! 008: SECURITY FIX: May 26,
! 2004
With the introduction of IPv6 code in
! xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
makes xdm create the chooser socket even if xdmcp is disabled in
xdm-config, by setting requestPort to 0. See
XFree86
bugzilla for details.
!
! A source code patch exists which remedies this problem.
! 007: SECURITY FIX: May 20,
! 2004
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
--- 337,360 ----
more details see
Heimdal's announcement.
!
! A source code patch exists which remedies this problem.
! 008: SECURITY FIX: May 26, 2004
With the introduction of IPv6 code in
! xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
makes xdm create the chooser socket even if xdmcp is disabled in
xdm-config, by setting requestPort to 0. See
XFree86
bugzilla for details.
!
! A source code patch exists which remedies this problem.
! 007: SECURITY FIX: May 20, 2004
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
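Review bot: In the 008 entry, the sentence "This makes xdm create the chooser socket even if xdmcp is disabled in xdm-config, by setting requestPort to 0" is ambiguous. The trailing clause can be read either as the way xdmcp is disabled or as the thing that triggers the socket creation. Since the entry is being reflowed here anyway, consider moving the clause next to what it modifies, for example "even if xdmcp is disabled by setting requestPort to 0 in xdm-config".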
***************
*** 366,392 ****
with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.
! 006: SECURITY FIX: May 13,
! 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
! A source code patch exists which remedies this problem.
! 005: RELIABILITY FIX: May 6,
! 2004
Reply to in-window SYN with a rate-limited ACK.
! A source code patch exists which remedies this problem.
! 004: RELIABILITY FIX: May 5,
! 2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
--- 362,385 ----
with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.
! 006: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
! A source code patch exists which remedies this problem.
! 005: RELIABILITY FIX: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
! A source code patch exists which remedies this problem.
! 004: RELIABILITY FIX: May 5, 2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
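Review bot: Entries 006 and 005 in this hunk state what the patch does ("Check for integer overflow in procfs", "Reply to in-window SYN with a rate-limited ACK") rather than what goes wrong without it, unlike the neighbouring entries, which describe the impact. While these entries are being touched, a sentence on the consequence for an unpatched system would let a reader triage them. 006 in particular is labelled SECURITY FIX but gives no indication of who can trigger the overflow or what it leads to.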
***************
*** 394,414 ****
).
! A source code patch exists which remedies this problem.
! 003: RELIABILITY FIX: May 5,
! 2004
Under load "recent model"
gdt(4)
controllers will lock up.
! A source code patch exists which remedies this problem.
! 002: SECURITY FIX: May 5,
! 2004
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
--- 387,405 ----
).
! A source code patch exists which remedies this problem.
! 003: RELIABILITY FIX: May 5, 2004
Under load "recent model"
gdt(4)
controllers will lock up.
! A source code patch exists which remedies this problem.
! 002: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
***************
*** 417,423 ****
repository.
! A source code patch exists which remedies this problem.
--- 408,414 ----
repository.
! A source code patch exists which remedies this problem.
***************
*** 431,446 ****
functions to prevent their misuse.
! A source code patch exists which remedies this problem.
-
-
alpha
-
- - No problems identified yet.
-
-
amd64
amd64
-
-
cats
-
- - No problems identified yet.
-
-
-
-
mac68k
-
- - No problems identified yet.
-
-
-
-
sparc
-
- - No problems identified yet.
-
-
-
-
sparc64
-
- - No problems identified yet.
-
-
-
-
hppa
-
- - No problems identified yet.
-
-
-
-
hp300
-
- - No problems identified yet.
-
-
-
-
mvme68k
-
- - No problems identified yet.
-
-
-
-
mvme88k
-
- - No problems identified yet.
-
-
macppc
macppc
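Review bot: The removed per-architecture blocks for alpha, cats, mac68k, sparc, sparc64, hppa, hp300, mvme68k and mvme88k each carried "No problems identified yet.", and after this change nothing on the page says so for those platforms (the vax block goes the same way in the following hunk). A reader can no longer tell "no platform-specific errata" from "platform not covered". A single line stating that platforms not listed have no specific errata would keep that information.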
***************
*** 514,523 ****
-
-
vax
-
- - No problems identified yet.
--- 451,456 ----