===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -c -r1.49 -r1.50
*** www/errata35.html 2014/03/31 04:11:40 1.49
--- www/errata35.html 2014/03/31 16:02:48 1.50
***************
*** 78,84 ****
-
! 033: SECURITY FIX: April 28, 2005 All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
--- 78,85 ----
-
! 033: SECURITY FIX: April 28, 2005
! All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
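Review bot: Nothing in the diff header or in this hunk records why "All architectures" is moved off the `033: SECURITY FIX: April 28, 2005` line, and the same split recurs on every entry header below. A one-line log message saying this is a layout-only change to the entry headers would spare a reader from checking each hunk for content changes.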
***************
*** 90,96 ****
-
! 032: RELIABILITY FIX: April 4, 2005 All architectures
Handle an edge condition in
tcp(4)
timestamps.
--- 91,98 ----
-
! 032: RELIABILITY FIX: April 4, 2005
! All architectures
Handle an edge condition in
tcp(4)
timestamps.
***************
*** 100,106 ****
-
! 031: SECURITY FIX: March 30, 2005 All architectures
Due to buffer overflows in
telnet(1)
, a malicious server or man-in-the-middle attack could allow execution of
--- 102,109 ----
-
! 031: SECURITY FIX: March 30, 2005
! All architectures
Due to buffer overflows in
telnet(1)
, a malicious server or man-in-the-middle attack could allow execution of
***************
*** 113,119 ****
-
! 030: RELIABILITY FIX: March 30, 2005 All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
--- 116,123 ----
-
! 030: RELIABILITY FIX: March 30, 2005
! All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
***************
*** 124,130 ****
-
! 029: SECURITY FIX: March 16, 2005 amd64 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
--- 128,135 ----
-
! 029: SECURITY FIX: March 16, 2005
! amd64 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
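Review bot: The context lines under the changed 029 header, `More stringent checking should be done in the copy(9) functions`, state what ought to happen rather than what the fix does, and entry 028 in the next hunk repeats the same sentence. While these entries are being edited, consider rewording both to say that the patch adds the stricter checks.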
***************
*** 134,140 ****
-
! 028: SECURITY FIX: February 28, 2005 i386 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
--- 139,146 ----
-
! 028: SECURITY FIX: February 28, 2005
! i386 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
***************
*** 144,150 ****
-
! 027: RELIABILITY FIX: January 11, 2005 All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
--- 150,157 ----
-
! 027: RELIABILITY FIX: January 11, 2005
! All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
***************
*** 156,162 ****
-
! 026: SECURITY FIX: January 12, 2005 All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
--- 163,170 ----
-
! 026: SECURITY FIX: January 12, 2005
! All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
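Review bot: The date on the changed line `026: SECURITY FIX: January 12, 2005` is later than the `January 11, 2005` on entry 027 in the previous hunk, while every other pair of entries in this diff runs in date order. Both header lines are rewritten by this change, so confirm the two dates and correct whichever is wrong before committing.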
***************
*** 170,176 ****
-
! 025: RELIABILITY FIX: January 6, 2005 All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
--- 178,185 ----
-
! 025: RELIABILITY FIX: January 6, 2005
! All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
***************
*** 181,187 ****
-
! 024: SECURITY FIX: December 14, 2004 All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
--- 190,197 ----
-
! 024: SECURITY FIX: December 14, 2004
! All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
***************
*** 193,199 ****
A source code patch exists which remedies this problem.
-
! 023: RELIABILITY FIX: November 10, 2004 All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
--- 203,210 ----
A source code patch exists which remedies this problem.
-
! 023: RELIABILITY FIX: November 10, 2004
! All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
***************
*** 206,212 ****
A source code patch exists which remedies this problem.
-
! 022: RELIABILITY FIX: November 10, 2004 All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
--- 217,224 ----
A source code patch exists which remedies this problem.
-
! 022: RELIABILITY FIX: November 10, 2004
! All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
***************
*** 215,221 ****
A source code patch exists which remedies this problem.
-
! 021: RELIABILITY FIX: November 10, 2004 All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
--- 227,234 ----
A source code patch exists which remedies this problem.
-
! 021: RELIABILITY FIX: November 10, 2004
! All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
***************
*** 224,230 ****
A source code patch exists which remedies this problem.
-
! 020: SECURITY FIX: September 20, 2004 All architectures
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
--- 237,244 ----
A source code patch exists which remedies this problem.
-
! 020: SECURITY FIX: September 20, 2004
! All architectures
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
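Review bot: In the context lines under the changed 020 header, "radius authentication" and "radius server" write the protocol name in lower case. RADIUS is an acronym and is capitalised elsewhere in the man page name only by convention of `login_radius(8)`, so the prose should read "RADIUS authentication" and "RADIUS server".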
***************
*** 235,241 ****
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: September 16, 2004 All architectures
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
--- 249,256 ----
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: September 16, 2004
! All architectures
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
***************
*** 248,254 ****
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: September 10, 2004 All architectures
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
--- 263,270 ----
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: September 10, 2004
! All architectures
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
***************
*** 259,265 ****
A source code patch exists which remedies this problem.
-
! 017: RELIABILITY FIX: August 29, 2004 All architectures
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
of Service attack.
CAN-2004-0797
--- 275,282 ----
A source code patch exists which remedies this problem.
-
! 017: RELIABILITY FIX: August 29, 2004
! All architectures
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
of Service attack.
CAN-2004-0797
***************
*** 269,275 ****
A source code patch exists which remedies this problem.
-
! 016: RELIABILITY FIX: August 26, 2004 All architectures
As
reported
by Vafa Izadinia
--- 286,293 ----
A source code patch exists which remedies this problem.
-
! 016: RELIABILITY FIX: August 26, 2004
! All architectures
As
reported
by Vafa Izadinia
***************
*** 280,286 ****
A source code patch exists which remedies this problem.
-
! 015: RELIABILITY FIX: August 25, 2004 All architectures
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
--- 298,305 ----
A source code patch exists which remedies this problem.
-
! 015: RELIABILITY FIX: August 25, 2004
! All architectures
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
***************
*** 290,296 ****
A source code patch exists which remedies this problem.
-
! 014: RELIABILITY FIX: July 25, 2004 All architectures
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
--- 309,316 ----
A source code patch exists which remedies this problem.
-
! 014: RELIABILITY FIX: July 25, 2004
! All architectures
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
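Review bot: The last context line of the 014 entry, `manifested itself as a FPU related crash on boot up`, should read "an FPU-related crash". The header of this entry is already being changed, so the wording can be fixed in the same revision.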
***************
*** 299,305 ****
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 12, 2004 All architectures
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
--- 319,326 ----
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 12, 2004
! All architectures
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
***************
*** 312,318 ****
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 10, 2004 All architectures
As
disclosed
by Thomas Walpuski
--- 333,340 ----
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 10, 2004
! All architectures
As
disclosed
by Thomas Walpuski
***************
*** 324,330 ****
A source code patch exists which remedies this problem.
-
! 011: SECURITY FIX: June 9, 2004 All architectures
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
--- 346,353 ----
A source code patch exists which remedies this problem.
-
! 011: SECURITY FIX: June 9, 2004
! All architectures
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
***************
*** 334,340 ****
A source code patch exists which remedies this problem.
-
! 010: RELIABILITY FIX: June 9, 2004 All architectures
A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
non-blocking mode for writing when there are no processes reading the FIFO.
One program affected by this is the qmail
--- 357,364 ----
A source code patch exists which remedies this problem.
-
! 010: RELIABILITY FIX: June 9, 2004
! All architectures
A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
non-blocking mode for writing when there are no processes reading the FIFO.
One program affected by this is the qmail
***************
*** 344,350 ****
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: May 30, 2004 All architectures
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
--- 368,375 ----
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: May 30, 2004
! All architectures
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
***************
*** 358,364 ****
A source code patch exists which remedies this problem.
-
! 008: SECURITY FIX: May 26, 2004 All architectures
With the introduction of IPv6 code in
xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
--- 383,390 ----
A source code patch exists which remedies this problem.
-
! 008: SECURITY FIX: May 26, 2004
! All architectures
With the introduction of IPv6 code in
xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
***************
*** 371,377 ****
A source code patch exists which remedies this problem.
-
! 007: SECURITY FIX: May 20, 2004 All architectures
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
--- 397,404 ----
A source code patch exists which remedies this problem.
-
! 007: SECURITY FIX: May 20, 2004
! All architectures
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
***************
*** 382,402 ****
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: May 13, 2004 All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
! 005: RELIABILITY FIX: May 6, 2004 All architectures
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 5, 2004 All architectures
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
--- 409,432 ----
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: May 13, 2004
! All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
! 005: RELIABILITY FIX: May 6, 2004
! All architectures
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 5, 2004
! All architectures
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
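Review bot: The context line under the changed 004 header, `controllers ( i.e.`, has a stray space after the opening parenthesis. This hunk already rewrites the headers of 006, 005 and 004, so tidy the parenthesis here as well.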
***************
*** 407,413 ****
A source code patch exists which remedies this problem.
-
! 003: RELIABILITY FIX: May 5, 2004 All architectures
Under load "recent model"
gdt(4)
controllers will lock up.
--- 437,444 ----
A source code patch exists which remedies this problem.
-
! 003: RELIABILITY FIX: May 5, 2004
! All architectures
Under load "recent model"
gdt(4)
controllers will lock up.
***************
*** 416,422 ****
A source code patch exists which remedies this problem.
-
! 002: SECURITY FIX: May 5, 2004 All architectures
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing
--- 447,454 ----
A source code patch exists which remedies this problem.
-
! 002: SECURITY FIX: May 5, 2004
! All architectures
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing