=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.49 retrieving revision 1.50 diff -c -r1.49 -r1.50 *** www/errata35.html 2014/03/31 04:11:40 1.49 --- www/errata35.html 2014/03/31 16:02:48 1.50 *************** *** 78,84 ****

! 033: SECURITY FIX: April 28, 2005 All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. --- 78,85 ----
- ! 033: SECURITY FIX: April 28, 2005 ! All architectures
  Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. *************** *** 90,96 ****
- ! 032: RELIABILITY FIX: April 4, 2005 All architectures
  Handle an edge condition in tcp(4) timestamps. --- 91,98 ----
- ! 032: RELIABILITY FIX: April 4, 2005 ! All architectures
  Handle an edge condition in tcp(4) timestamps. *************** *** 100,106 ****
- ! 031: SECURITY FIX: March 30, 2005 All architectures
  Due to buffer overflows in telnet(1) , a malicious server or man-in-the-middle attack could allow execution of --- 102,109 ----
- ! 031: SECURITY FIX: March 30, 2005 ! All architectures
  Due to buffer overflows in telnet(1) , a malicious server or man-in-the-middle attack could allow execution of *************** *** 113,119 ****
- ! 030: RELIABILITY FIX: March 30, 2005 All architectures
  Bugs in the tcp(4) stack can lead to memory exhaustion or processing of TCP segments with --- 116,123 ----
- ! 030: RELIABILITY FIX: March 30, 2005 ! All architectures
  Bugs in the tcp(4) stack can lead to memory exhaustion or processing of TCP segments with *************** *** 124,130 ****
- ! 029: SECURITY FIX: March 16, 2005 amd64 only
  More stringent checking should be done in the copy(9) functions to prevent their misuse. --- 128,135 ----
- ! 029: SECURITY FIX: March 16, 2005 ! amd64 only
  More stringent checking should be done in the copy(9) functions to prevent their misuse. *************** *** 134,140 ****
- ! 028: SECURITY FIX: February 28, 2005 i386 only
  More stringent checking should be done in the copy(9) functions to prevent their misuse. --- 139,146 ----
- ! 028: SECURITY FIX: February 28, 2005 ! i386 only
  More stringent checking should be done in the copy(9) functions to prevent their misuse. *************** *** 144,150 ****
- ! 027: RELIABILITY FIX: January 11, 2005 All architectures
  A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP --- 150,157 ----
- ! 027: RELIABILITY FIX: January 11, 2005 ! All architectures
  A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP *************** *** 156,162 ****
- ! 026: SECURITY FIX: January 12, 2005 All architectures
  httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, --- 163,170 ----
- ! 026: SECURITY FIX: January 12, 2005 ! All architectures
  httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, *************** *** 170,176 ****
- ! 025: RELIABILITY FIX: January 6, 2005 All architectures
  The getcwd(3) library function contains a memory management error, which causes failure --- 178,185 ----
- ! 025: RELIABILITY FIX: January 6, 2005 ! All architectures
  The getcwd(3) library function contains a memory management error, which causes failure *************** *** 181,187 ****
- ! 024: SECURITY FIX: December 14, 2004 All architectures
  On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption --- 190,197 ----
- ! 024: SECURITY FIX: December 14, 2004 ! All architectures
  On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption *************** *** 193,199 **** A source code patch exists which remedies this problem.
- ! 023: RELIABILITY FIX: November 10, 2004 All architectures
  Due to a bug in lynx(1) it is possible for pages such as --- 203,210 ---- A source code patch exists which remedies this problem.
- ! 023: RELIABILITY FIX: November 10, 2004 ! All architectures
  Due to a bug in lynx(1) it is possible for pages such as *************** *** 206,212 **** A source code patch exists which remedies this problem.
- ! 022: RELIABILITY FIX: November 10, 2004 All architectures
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users. --- 217,224 ---- A source code patch exists which remedies this problem.
- ! 022: RELIABILITY FIX: November 10, 2004 ! All architectures
  pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users. *************** *** 215,221 **** A source code patch exists which remedies this problem.
- ! 021: RELIABILITY FIX: November 10, 2004 All architectures
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries. --- 227,234 ---- A source code patch exists which remedies this problem.
- ! 021: RELIABILITY FIX: November 10, 2004 ! All architectures
  BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries. *************** *** 224,230 **** A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: September 20, 2004 All architectures
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. --- 237,244 ---- A source code patch exists which remedies this problem.
- ! 020: SECURITY FIX: September 20, 2004 ! All architectures
  Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. *************** *** 235,241 **** A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: September 16, 2004 All architectures
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files --- 249,256 ---- A source code patch exists which remedies this problem.
- ! 019: SECURITY FIX: September 16, 2004 ! All architectures
  Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files *************** *** 248,254 **** A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: September 10, 2004 All architectures
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. --- 263,270 ---- A source code patch exists which remedies this problem.
- ! 018: SECURITY FIX: September 10, 2004 ! All architectures
  httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. *************** *** 259,265 **** A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: August 29, 2004 All architectures
  Due to incorrect error handling in zlib an attacker could potentially cause a Denial of Service attack. CAN-2004-0797 --- 275,282 ---- A source code patch exists which remedies this problem.
- ! 017: RELIABILITY FIX: August 29, 2004 ! All architectures
  Due to incorrect error handling in zlib an attacker could potentially cause a Denial of Service attack. CAN-2004-0797 *************** *** 269,275 **** A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: August 26, 2004 All architectures
  As reported by Vafa Izadinia --- 286,293 ---- A source code patch exists which remedies this problem.
- ! 016: RELIABILITY FIX: August 26, 2004 ! All architectures
  As reported by Vafa Izadinia *************** *** 280,286 **** A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: August 25, 2004 All architectures
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
  --- 298,305 ---- A source code patch exists which remedies this problem.
- ! 015: RELIABILITY FIX: August 25, 2004 ! All architectures
  Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
  *************** *** 290,296 **** A source code patch exists which remedies this problem.
- ! 014: RELIABILITY FIX: July 25, 2004 All architectures
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up. --- 309,316 ---- A source code patch exists which remedies this problem.
- ! 014: RELIABILITY FIX: July 25, 2004 ! All architectures
  Under a certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up. *************** *** 299,305 **** A source code patch exists which remedies this problem.
- ! 013: SECURITY FIX: June 12, 2004 All architectures
  Multiple vulnerabilities have been found in httpd(8) / mod_ssl. --- 319,326 ---- A source code patch exists which remedies this problem.
- ! 013: SECURITY FIX: June 12, 2004 ! All architectures
  Multiple vulnerabilities have been found in httpd(8) / mod_ssl. *************** *** 312,318 **** A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: June 10, 2004 All architectures
  As disclosed by Thomas Walpuski --- 333,340 ---- A source code patch exists which remedies this problem.
- ! 012: SECURITY FIX: June 10, 2004 ! All architectures
  As disclosed by Thomas Walpuski *************** *** 324,330 **** A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: June 9, 2004 All architectures
  Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary --- 346,353 ---- A source code patch exists which remedies this problem.
- ! 011: SECURITY FIX: June 9, 2004 ! All architectures
  Multiple remote vulnerabilities have been found in the cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary *************** *** 334,340 **** A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: June 9, 2004 All architectures
  A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in non-blocking mode for writing when there are no processes reading the FIFO. One program affected by this is the qmail --- 357,364 ---- A source code patch exists which remedies this problem.
- ! 010: RELIABILITY FIX: June 9, 2004 ! All architectures
  A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in non-blocking mode for writing when there are no processes reading the FIFO. One program affected by this is the qmail *************** *** 344,350 **** A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: May 30, 2004 All architectures
  A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having --- 368,375 ---- A source code patch exists which remedies this problem.
- ! 009: SECURITY FIX: May 30, 2004 ! All architectures
  A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having *************** *** 358,364 **** A source code patch exists which remedies this problem.
- ! 008: SECURITY FIX: May 26, 2004 All architectures
  With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This --- 383,390 ---- A source code patch exists which remedies this problem.
- ! 008: SECURITY FIX: May 26, 2004 ! All architectures
  With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This *************** *** 371,377 **** A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: May 20, 2004 All architectures
  A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending --- 397,404 ---- A source code patch exists which remedies this problem.
- ! 007: SECURITY FIX: May 20, 2004 ! All architectures
  A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending *************** *** 382,402 **** A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: May 13, 2004 All architectures
  Check for integer overflow in procfs. Use of procfs is not recommended.
  A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: May 6, 2004 All architectures
  Reply to in-window SYN with a rate-limited ACK.
  A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: May 5, 2004 All architectures
  Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), --- 409,432 ---- A source code patch exists which remedies this problem.
- ! 006: SECURITY FIX: May 13, 2004 ! All architectures
  Check for integer overflow in procfs. Use of procfs is not recommended.
  A source code patch exists which remedies this problem.
- ! 005: RELIABILITY FIX: May 6, 2004 ! All architectures
  Reply to in-window SYN with a rate-limited ACK.
  A source code patch exists which remedies this problem.
- ! 004: RELIABILITY FIX: May 5, 2004 ! All architectures
  Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), *************** *** 407,413 **** A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: May 5, 2004 All architectures
  Under load "recent model" gdt(4) controllers will lock up. --- 437,444 ---- A source code patch exists which remedies this problem.
- ! 003: RELIABILITY FIX: May 5, 2004 ! All architectures
  Under load "recent model" gdt(4) controllers will lock up. *************** *** 416,422 **** A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: May 5, 2004 All architectures
  Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing --- 447,454 ---- A source code patch exists which remedies this problem.
- ! 002: SECURITY FIX: May 5, 2004 ! All architectures
  Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing