=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- www/errata35.html 2014/03/28 03:04:30 1.46 +++ www/errata35.html 2014/03/31 03:12:47 1.47 @@ -6,7 +6,6 @@ - @@ -65,13 +64,16 @@ You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. +

-

The patches below are available in CVS via the +The patches below are available in CVS via the OPENBSD_3_5 patch branch. -

+ For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ. +

+


@@ -86,7 +88,7 @@ .
-A source code patch exists which remedies this problem.
+A source code patch exists which remedies this problem.
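
Review bot: the `-` and `+` lines of this hunk carry the same visible sentence, "A source code patch exists which remedies this problem.", so the actual edit cannot be checked from the text alone. Since the same pair recurs in every later hunk, the commit message should state the one rule being applied to that sentence, so each occurrence can be verified against it.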

  • @@ -96,7 +98,7 @@ timestamps.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -109,7 +111,7 @@ .
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -120,7 +122,7 @@ invalid SACK options and cause a system crash.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

    @@ -133,7 +135,7 @@ timestamp option, an attacker can cause a system panic.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -147,7 +149,7 @@ includes and making use of a malicious document.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -158,7 +160,7 @@ to retrieve the current working directory if the path is very long.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • @@ -171,7 +173,7 @@ credentials on a socket.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 023: RELIABILITY FIX: November 10, 2004
    @@ -184,7 +186,7 @@ to exhaust memory and then crash when parsing such pages.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 022: RELIABILITY FIX: November 10, 2004
    @@ -193,7 +195,7 @@ be used to deny service to other users.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 021: RELIABILITY FIX: November 10, 2004
    @@ -202,7 +204,7 @@ thus slow DNS queries.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 020: SECURITY FIX: September 20, 2004
    @@ -213,7 +215,7 @@ attacker. Note that OpenBSD does not ship with radius authentication enabled.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 019: SECURITY FIX: September 16, 2004
    @@ -226,7 +228,7 @@ an application that handles XPM images, if they could escape ProPolice.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 018: SECURITY FIX: September 10, 2004
    @@ -237,7 +239,7 @@ dbm file.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 017: RELIABILITY FIX: August 29, 2004
    @@ -247,7 +249,7 @@ .
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 016: RELIABILITY FIX: August 26, 2004
    @@ -258,7 +260,7 @@ with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 015: RELIABILITY FIX: August 25, 2004
    @@ -268,7 +270,7 @@ http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 014: RELIABILITY FIX: July 25, 2004
    @@ -277,7 +279,7 @@ manifested itself as a FPU related crash on boot up.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 013: SECURITY FIX: June 12, 2004
    @@ -290,7 +292,7 @@ CAN-2004-0492.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 012: SECURITY FIX: June 10, 2004
    @@ -302,7 +304,7 @@ tunnels at will.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 011: SECURITY FIX: June 9, 2004
    @@ -312,7 +314,7 @@ code with the same privileges as the CVS server program.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • 010: RELIABILITY FIX: June 9, 2004
    @@ -322,13 +324,12 @@ mail server which could go into an infinite loop and consume all CPU.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -009: SECURITY FIX: May 30, -2004
    -A flaw in the Kerberos V kdc(8) +009: SECURITY FIX: May 30, 2004
    +A flaw in the Kerberos V +kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to @@ -336,29 +337,24 @@ more details see Heimdal's announcement.
    - -A source code patch exists which remedies this problem.
    + +A source code patch exists which remedies this problem.

  • -008: SECURITY FIX: May 26, -2004
    +008: SECURITY FIX: May 26, 2004
    With the introduction of IPv6 code in -xdm(1), +xdm(1), one test on the 'requestPort' resource was deleted by accident. This makes xdm create the chooser socket even if xdmcp is disabled in xdm-config, by setting requestPort to 0. See XFree86 bugzilla for details.
    - -A source code patch exists which remedies this problem.
    + +A source code patch exists which remedies this problem.

  • -007: SECURITY FIX: May 20, -2004
    +007: SECURITY FIX: May 20, 2004
    A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending @@ -366,27 +362,24 @@ with the same privileges as the CVS server program.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -006: SECURITY FIX: May 13, -2004
    +006: SECURITY FIX: May 13, 2004
    Check for integer overflow in procfs. Use of procfs is not recommended.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -005: RELIABILITY FIX: May 6, -2004
    +005: RELIABILITY FIX: May 6, 2004
    Reply to in-window SYN with a rate-limited ACK.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -004: RELIABILITY FIX: May 5, -2004
    +004: RELIABILITY FIX: May 5, 2004
    Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e. siop(4), trm(4), @@ -394,21 +387,19 @@ ).
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -003: RELIABILITY FIX: May 5, -2004
    +003: RELIABILITY FIX: May 5, 2004
    Under load "recent model" gdt(4) controllers will lock up.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

  • -002: SECURITY FIX: May 5, -2004
    +002: SECURITY FIX: May 5, 2004
    Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing @@ -417,7 +408,7 @@ repository.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

    @@ -431,16 +422,10 @@ functions to prevent their misuse.
    -A source code patch exists which remedies this problem.
    +A source code patch exists which remedies this problem.

    - -

    alpha

    - -

    amd64

    - -

    cats

    - -

    - -

    mac68k

    - -

    - -

    sparc

    - -

    - -

    sparc64

    - -

    - -

    hppa

    - -

    - -

    hp300

    - -

    - -

    mvme68k

    - -

    - -

    mvme88k

    - -

    macppc

    - -

    vax

    -
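
Review bot: the heading edits for entries 002 through 009 only rejoin a date that was wrapped across two lines (for example `-009: SECURITY FIX: May 30, -2004` becoming `+009: SECURITY FIX: May 30, 2004`), a whitespace-only reflow mixed into the same revision as the repeated change to the "A source code patch exists" lines. Committing the reflow on its own would leave the other change easier to audit entry by entry.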