=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.67 retrieving revision 1.68 diff -c -r1.67 -r1.68 *** www/errata35.html 2016/08/15 02:22:06 1.67 --- www/errata35.html 2016/10/16 19:11:29 1.68 *************** *** 70,76 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 70,76 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

*************** *** 95,101 **** CAN-2005-0753 .
! A source code patch exists which remedies this problem.

--- 95,101 ---- CAN-2005-0753 .
! A source code patch exists which remedies this problem.

*************** *** 106,112 **** tcp(4) timestamps.
! A source code patch exists which remedies this problem.

--- 106,112 ---- tcp(4) timestamps.
! A source code patch exists which remedies this problem.

*************** *** 120,126 **** telnet(1) .
! A source code patch exists which remedies this problem.

--- 120,126 ---- telnet(1) .
! A source code patch exists which remedies this problem.

*************** *** 132,138 **** stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.

--- 132,138 ---- stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.

*************** *** 143,149 **** copy(9) functions to prevent their misuse.
! A source code patch exists which remedies this problem.

--- 143,149 ---- copy(9) functions to prevent their misuse.
! A source code patch exists which remedies this problem.

*************** *** 154,160 **** copy(9) functions to prevent their misuse.
! A source code patch exists which remedies this problem.

--- 154,160 ---- copy(9) functions to prevent their misuse.
! A source code patch exists which remedies this problem.

*************** *** 167,173 **** retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.

--- 167,173 ---- retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic.
! A source code patch exists which remedies this problem.

*************** *** 182,188 **** This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
! A source code patch exists which remedies this problem.

--- 182,188 ---- This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
! A source code patch exists which remedies this problem.

*************** *** 194,200 **** library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.

--- 194,200 ---- library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
! A source code patch exists which remedies this problem.

*************** *** 208,214 **** ipsec(4) credentials on a socket.
! A source code patch exists which remedies this problem.

--- 208,214 ---- ipsec(4) credentials on a socket.
! A source code patch exists which remedies this problem.

*************** *** 222,228 **** lynx(1) to exhaust memory and then crash when parsing such pages.
! A source code patch exists which remedies this problem.

--- 222,228 ---- lynx(1) to exhaust memory and then crash when parsing such pages.
! A source code patch exists which remedies this problem.

*************** *** 232,238 **** contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
! A source code patch exists which remedies this problem.

--- 232,238 ---- contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
! A source code patch exists which remedies this problem.

*************** *** 242,248 **** cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
! A source code patch exists which remedies this problem.

--- 242,248 ---- cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
! A source code patch exists which remedies this problem.

*************** *** 254,260 **** This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
! A source code patch exists which remedies this problem.

--- 254,260 ---- This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
! A source code patch exists which remedies this problem.

*************** *** 268,274 **** Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
! A source code patch exists which remedies this problem.

--- 268,274 ---- Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
! A source code patch exists which remedies this problem.

*************** *** 280,286 **** This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
! A source code patch exists which remedies this problem.

--- 280,286 ---- This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
! A source code patch exists which remedies this problem.

*************** *** 291,297 **** CAN-2004-0797 .
! A source code patch exists which remedies this problem.

--- 291,297 ---- CAN-2004-0797 .
! A source code patch exists which remedies this problem.

*************** *** 303,309 **** bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
! A source code patch exists which remedies this problem.

--- 303,309 ---- bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
! A source code patch exists which remedies this problem.

*************** *** 314,320 ****
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
! A source code patch exists which remedies this problem.

--- 314,320 ----
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
! A source code patch exists which remedies this problem.

*************** *** 324,330 **** encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
! A source code patch exists which remedies this problem.

--- 324,330 ---- encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
! A source code patch exists which remedies this problem.

*************** *** 338,344 **** CAN-2004-0488, CAN-2004-0492.
! A source code patch exists which remedies this problem.

--- 338,344 ---- CAN-2004-0488, CAN-2004-0492.
! A source code patch exists which remedies this problem.

*************** *** 351,357 **** is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
! A source code patch exists which remedies this problem.

--- 351,357 ---- is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
! A source code patch exists which remedies this problem.

*************** *** 362,368 **** server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.

--- 362,368 ---- server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.

*************** *** 373,379 **** One program affected by this is the qmail mail server which could go into an infinite loop and consume all CPU.
! A source code patch exists which remedies this problem.

--- 373,379 ---- One program affected by this is the qmail mail server which could go into an infinite loop and consume all CPU.
! A source code patch exists which remedies this problem.

*************** *** 388,394 **** more details see Heimdal's announcement.
! A source code patch exists which remedies this problem.

--- 388,394 ---- more details see Heimdal's announcement.
! A source code patch exists which remedies this problem.

*************** *** 402,408 **** XFree86 bugzilla for details.
! A source code patch exists which remedies this problem.

--- 402,408 ---- XFree86 bugzilla for details.
! A source code patch exists which remedies this problem.

*************** *** 414,420 **** malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.

--- 414,420 ---- malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
! A source code patch exists which remedies this problem.

*************** *** 422,428 **** All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
! A source code patch exists which remedies this problem.

--- 422,428 ---- All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
! A source code patch exists which remedies this problem.

*************** *** 430,436 **** All architectures
Reply to in-window SYN with a rate-limited ACK.
! A source code patch exists which remedies this problem.

--- 430,436 ---- All architectures
Reply to in-window SYN with a rate-limited ACK.
! A source code patch exists which remedies this problem.

*************** *** 442,448 **** iha(4) ).
! A source code patch exists which remedies this problem.

--- 442,448 ---- iha(4) ).
! A source code patch exists which remedies this problem.

*************** *** 452,458 **** gdt(4) controllers will lock up.
! A source code patch exists which remedies this problem.

--- 452,458 ---- gdt(4) controllers will lock up.
! A source code patch exists which remedies this problem.

*************** *** 465,471 **** the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.

--- 465,471 ---- the client and allowing clients to check out files outside the CVS repository.
! A source code patch exists which remedies this problem.