===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.47
retrieving revision 1.48
diff -c -r1.47 -r1.48
*** www/errata35.html 2014/03/31 03:12:47 1.47
--- www/errata35.html 2014/03/31 03:36:54 1.48
***************
*** 76,86 ****
-
- All architectures
-
! 033: SECURITY FIX: April 28, 2005
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
--- 76,84 ----
-
! 033: SECURITY FIX: April 28, 2005 All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
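Review bot: in the new 033 title line the label follows the date with nothing visibly between them ("April 28, 2005 All architectures"), and the standalone "All architectures" line that headed the list is deleted (the range shrinks from 76,86 to 76,84). If the markup does not already set the label apart from the date, give it its own element or a separator. Also note that once the shared heading is gone, each entry shows its architecture only if it carries the suffix itself, so any entry this patch misses ends up unlabelled.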
***************
*** 92,98 ****
-
! 032: RELIABILITY FIX: April 4, 2005
Handle an edge condition in
tcp(4)
timestamps.
--- 90,96 ----
-
! 032: RELIABILITY FIX: April 4, 2005 All architectures
Handle an edge condition in
tcp(4)
timestamps.
***************
*** 102,108 ****
-
! 031: SECURITY FIX: March 30, 2005
Due to buffer overflows in
telnet(1)
, a malicious server or man-in-the-middle attack could allow execution of
--- 100,106 ----
-
! 031: SECURITY FIX: March 30, 2005 All architectures
Due to buffer overflows in
telnet(1)
, a malicious server or man-in-the-middle attack could allow execution of
***************
*** 115,121 ****
-
! 030: RELIABILITY FIX: March 30, 2005
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
--- 113,119 ----
-
! 030: RELIABILITY FIX: March 30, 2005 All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
***************
*** 127,133 ****
-
! 027: RELIABILITY FIX: January 11, 2005
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
--- 125,131 ----
-
! 027: RELIABILITY FIX: January 11, 2005 All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
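Review bot: the relabelled titles go from 030 in the previous hunk straight to 027 here, so 029 and 028 get no "All architectures" suffix from this patch. With the shared heading removed in the first hunk, check that those two entries state their architecture some other way, or add them to this change.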
***************
*** 139,145 ****
-
! 026: SECURITY FIX: January 12, 2005
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
--- 137,143 ----
-
! 026: SECURITY FIX: January 12, 2005 All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
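Review bot: the title edited here dates 026 as January 12, 2005, one day after the January 11, 2005 on 027 in the previous hunk, so numbering and dates run in opposite directions for this pair. Since both title lines are being touched, confirm the two dates are as intended.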
***************
*** 153,159 ****
-
! 025: RELIABILITY FIX: January 6, 2005
The
getcwd(3)
library function contains a memory management error, which causes failure
--- 151,157 ----
-
! 025: RELIABILITY FIX: January 6, 2005 All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
***************
*** 164,170 ****
-
! 024: SECURITY FIX: December 14, 2004
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
--- 162,168 ----
-
! 024: SECURITY FIX: December 14, 2004 All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
***************
*** 176,182 ****
A source code patch exists which remedies this problem.
-
! 023: RELIABILITY FIX: November 10, 2004
Due to a bug in
lynx(1)
it is possible for pages such as
--- 174,180 ----
A source code patch exists which remedies this problem.
-
! 023: RELIABILITY FIX: November 10, 2004 All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
***************
*** 189,195 ****
A source code patch exists which remedies this problem.
-
! 022: RELIABILITY FIX: November 10, 2004
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
--- 187,193 ----
A source code patch exists which remedies this problem.
-
! 022: RELIABILITY FIX: November 10, 2004 All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
***************
*** 198,204 ****
A source code patch exists which remedies this problem.
-
! 021: RELIABILITY FIX: November 10, 2004
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
--- 196,202 ----
A source code patch exists which remedies this problem.
-
! 021: RELIABILITY FIX: November 10, 2004 All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
***************
*** 207,213 ****
A source code patch exists which remedies this problem.
-
! 020: SECURITY FIX: September 20, 2004
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
--- 205,211 ----
A source code patch exists which remedies this problem.
-
! 020: SECURITY FIX: September 20, 2004 All architectures
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
***************
*** 218,224 ****
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: September 16, 2004
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
--- 216,222 ----
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: September 16, 2004 All architectures
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
***************
*** 231,237 ****
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: September 10, 2004
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
--- 229,235 ----
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: September 10, 2004 All architectures
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
***************
*** 242,248 ****
A source code patch exists which remedies this problem.
-
! 017: RELIABILITY FIX: August 29, 2004
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
of Service attack.
CAN-2004-0797
--- 240,246 ----
A source code patch exists which remedies this problem.
-
! 017: RELIABILITY FIX: August 29, 2004 All architectures
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
of Service attack.
CAN-2004-0797
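Review bot: the 017 title keeps "RELIABILITY FIX" while its body describes an attacker-triggered Denial of Service and cites CAN-2004-0797, whereas 018 in the previous hunk is a "SECURITY FIX" whose stated impact also includes DoS. Since this title line is being edited anyway, confirm the classification is intended, so that readers who filter on "SECURITY FIX" do not skip an entry they would want to see.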
***************
*** 252,258 ****
A source code patch exists which remedies this problem.
-
! 016: RELIABILITY FIX: August 26, 2004
As
reported
by Vafa Izadinia
--- 250,256 ----
A source code patch exists which remedies this problem.
-
! 016: RELIABILITY FIX: August 26, 2004 All architectures
As
reported
by Vafa Izadinia
***************
*** 263,269 ****
A source code patch exists which remedies this problem.
-
! 015: RELIABILITY FIX: August 25, 2004
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
--- 261,267 ----
A source code patch exists which remedies this problem.
-
! 015: RELIABILITY FIX: August 25, 2004 All architectures
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
***************
*** 273,279 ****
A source code patch exists which remedies this problem.
-
! 014: RELIABILITY FIX: July 25, 2004
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
--- 271,277 ----
A source code patch exists which remedies this problem.
-
! 014: RELIABILITY FIX: July 25, 2004 All architectures
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
***************
*** 282,288 ****
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 12, 2004
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
--- 280,286 ----
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 12, 2004 All architectures
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
***************
*** 295,301 ****
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 10, 2004
As
disclosed
by Thomas Walpuski
--- 293,299 ----
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 10, 2004 All architectures
As
disclosed
by Thomas Walpuski
***************
*** 307,313 ****
A source code patch exists which remedies this problem.
-
! 011: SECURITY FIX: June 9, 2004
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
--- 305,311 ----
A source code patch exists which remedies this problem.
-
! 011: SECURITY FIX: June 9, 2004 All architectures
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
***************
*** 317,323 ****
A source code patch exists which remedies this problem.
-
! 010: RELIABILITY FIX: June 9, 2004
A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
non-blocking mode for writing when there are no processes reading the FIFO.
One program affected by this is the qmail
--- 315,321 ----
A source code patch exists which remedies this problem.
-
! 010: RELIABILITY FIX: June 9, 2004 All architectures
A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
non-blocking mode for writing when there are no processes reading the FIFO.
One program affected by this is the qmail
***************
*** 327,333 ****
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: May 30, 2004
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
--- 325,331 ----
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: May 30, 2004 All architectures
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
***************
*** 341,347 ****
A source code patch exists which remedies this problem.
-
! 008: SECURITY FIX: May 26, 2004
With the introduction of IPv6 code in
xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
--- 339,345 ----
A source code patch exists which remedies this problem.
-
! 008: SECURITY FIX: May 26, 2004 All architectures
With the introduction of IPv6 code in
xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
***************
*** 354,360 ****
A source code patch exists which remedies this problem.
-
! 007: SECURITY FIX: May 20, 2004
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
--- 352,358 ----
A source code patch exists which remedies this problem.
-
! 007: SECURITY FIX: May 20, 2004 All architectures
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
***************
*** 365,385 ****
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
! 005: RELIABILITY FIX: May 6, 2004
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 5, 2004
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
--- 363,383 ----
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: May 13, 2004 All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
! 005: RELIABILITY FIX: May 6, 2004 All architectures
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 5, 2004 All architectures
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
***************
*** 390,396 ****
A source code patch exists which remedies this problem.
-
! 003: RELIABILITY FIX: May 5, 2004
Under load "recent model"
gdt(4)
controllers will lock up.
--- 388,394 ----
A source code patch exists which remedies this problem.
-
! 003: RELIABILITY FIX: May 5, 2004 All architectures
Under load "recent model"
gdt(4)
controllers will lock up.
***************
*** 399,405 ****
A source code patch exists which remedies this problem.
-
! 002: SECURITY FIX: May 5, 2004
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
--- 397,403 ----
A source code patch exists which remedies this problem.
-
! 002: SECURITY FIX: May 5, 2004 All architectures
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
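Review bot: 002 is the last title this patch relabels, and no hunk covers 001. If 001 sat under the same "All architectures" heading that the first hunk deletes, it needs the suffix too; otherwise confirm it already carries its own architecture label.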