=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** www/errata35.html 2014/03/31 03:12:47 1.47 --- www/errata35.html 2014/03/31 03:36:54 1.48 *************** *** 76,86 ****

- -

All architectures

! 033: SECURITY FIX: April 28, 2005
Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. --- 76,84 ----
- ! 033: SECURITY FIX: April 28, 2005 All architectures
  Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. *************** *** 92,98 ****
- ! 032: RELIABILITY FIX: April 4, 2005
  Handle an edge condition in tcp(4) timestamps. --- 90,96 ----
- ! 032: RELIABILITY FIX: April 4, 2005 All architectures
  Handle an edge condition in tcp(4) timestamps. *************** *** 102,108 ****
- ! 031: SECURITY FIX: March 30, 2005
  Due to buffer overflows in telnet(1) , a malicious server or man-in-the-middle attack could allow execution of --- 100,106 ----
- ! 031: SECURITY FIX: March 30, 2005 All architectures
  Due to buffer overflows in telnet(1) , a malicious server or man-in-the-middle attack could allow execution of *************** *** 115,121 ****
- ! 030: RELIABILITY FIX: March 30, 2005
  Bugs in the tcp(4) stack can lead to memory exhaustion or processing of TCP segments with --- 113,119 ----
- ! 030: RELIABILITY FIX: March 30, 2005 All architectures
  Bugs in the tcp(4) stack can lead to memory exhaustion or processing of TCP segments with *************** *** 127,133 ****
- ! 027: RELIABILITY FIX: January 11, 2005
  A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP --- 125,131 ----
- ! 027: RELIABILITY FIX: January 11, 2005 All architectures
  A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP *************** *** 139,145 ****
- ! 026: SECURITY FIX: January 12, 2005
  httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, --- 137,143 ----
- ! 026: SECURITY FIX: January 12, 2005 All architectures
  httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, *************** *** 153,159 ****
- ! 025: RELIABILITY FIX: January 6, 2005
  The getcwd(3) library function contains a memory management error, which causes failure --- 151,157 ----
- ! 025: RELIABILITY FIX: January 6, 2005 All architectures
  The getcwd(3) library function contains a memory management error, which causes failure *************** *** 164,170 ****
- ! 024: SECURITY FIX: December 14, 2004
  On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption --- 162,168 ----
- ! 024: SECURITY FIX: December 14, 2004 All architectures
  On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption *************** *** 176,182 **** A source code patch exists which remedies this problem.
- ! 023: RELIABILITY FIX: November 10, 2004
  Due to a bug in lynx(1) it is possible for pages such as --- 174,180 ---- A source code patch exists which remedies this problem.
- ! 023: RELIABILITY FIX: November 10, 2004 All architectures
  Due to a bug in lynx(1) it is possible for pages such as *************** *** 189,195 **** A source code patch exists which remedies this problem.
- ! 022: RELIABILITY FIX: November 10, 2004
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users. --- 187,193 ---- A source code patch exists which remedies this problem.
- ! 022: RELIABILITY FIX: November 10, 2004 All architectures
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users. *************** *** 198,204 **** A source code patch exists which remedies this problem.
- ! 021: RELIABILITY FIX: November 10, 2004
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries. --- 196,202 ---- A source code patch exists which remedies this problem.
- ! 021: RELIABILITY FIX: November 10, 2004 All architectures
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries. *************** *** 207,213 **** A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: September 20, 2004
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. --- 205,211 ---- A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: September 20, 2004 All architectures
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. *************** *** 218,224 **** A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: September 16, 2004
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files --- 216,222 ---- A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: September 16, 2004 All architectures
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files *************** *** 231,237 **** A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: September 10, 2004
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. --- 229,235 ---- A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: September 10, 2004 All architectures
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. *************** *** 242,248 **** A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: August 29, 2004
  Due to incorrect error handling in zlib an attacker could potentially cause a Denial of Service attack. CAN-2004-0797 --- 240,246 ---- A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: August 29, 2004 All architectures
  Due to incorrect error handling in zlib an attacker could potentially cause a Denial of Service attack. CAN-2004-0797 *************** *** 252,258 **** A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: August 26, 2004
  As reported by Vafa Izadinia --- 250,256 ---- A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: August 26, 2004 All architectures
  As reported by Vafa Izadinia *************** *** 263,269 **** A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: August 25, 2004
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
  --- 261,267 ---- A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: August 25, 2004 All architectures
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
  *************** *** 273,279 **** A source code patch exists which remedies this problem.
- ! 014: RELIABILITY FIX: July 25, 2004
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up. --- 271,277 ---- A source code patch exists which remedies this problem.
- ! 014: RELIABILITY FIX: July 25, 2004 All architectures
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up. *************** *** 282,288 **** A source code patch exists which remedies this problem.
- ! 013: SECURITY FIX: June 12, 2004
  Multiple vulnerabilities have been found in httpd(8) / mod_ssl. --- 280,286 ---- A source code patch exists which remedies this problem.
- ! 013: SECURITY FIX: June 12, 2004 All architectures
  Multiple vulnerabilities have been found in httpd(8) / mod_ssl. *************** *** 295,301 **** A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: June 10, 2004
  As disclosed by Thomas Walpuski --- 293,299 ---- A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: June 10, 2004 All architectures
  As disclosed by Thomas Walpuski *************** *** 307,313 **** A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: June 9, 2004
  Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary --- 305,311 ---- A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: June 9, 2004 All architectures
  Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary *************** *** 317,323 **** A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: June 9, 2004
  A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in non-blocking mode for writing when there are no processes reading the FIFO. One program affected by this is the qmail --- 315,321 ---- A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: June 9, 2004 All architectures
  A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in non-blocking mode for writing when there are no processes reading the FIFO. One program affected by this is the qmail *************** *** 327,333 **** A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: May 30, 2004
  A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having --- 325,331 ---- A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: May 30, 2004 All architectures
  A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having *************** *** 341,347 **** A source code patch exists which remedies this problem.
- ! 008: SECURITY FIX: May 26, 2004
  With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This --- 339,345 ---- A source code patch exists which remedies this problem.
- ! 008: SECURITY FIX: May 26, 2004 All architectures
  With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This *************** *** 354,360 **** A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: May 20, 2004
  A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending --- 352,358 ---- A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: May 20, 2004 All architectures
  A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending *************** *** 365,385 **** A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: May 13, 2004
  Check for integer overflow in procfs. Use of procfs is not recommended.
  A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: May 6, 2004
  Reply to in-window SYN with a rate-limited ACK.
  A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: May 5, 2004
  Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), --- 363,383 ---- A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: May 13, 2004 All architectures
  Check for integer overflow in procfs. Use of procfs is not recommended.
  A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: May 6, 2004 All architectures
  Reply to in-window SYN with a rate-limited ACK.
  A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: May 5, 2004 All architectures
  Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), *************** *** 390,396 **** A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: May 5, 2004
  Under load "recent model" gdt(4) controllers will lock up. --- 388,394 ---- A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: May 5, 2004 All architectures
  Under load "recent model" gdt(4) controllers will lock up. *************** *** 399,405 **** A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: May 5, 2004
  Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing --- 397,403 ---- A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: May 5, 2004 All architectures
  Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing