===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- www/errata35.html 2010/03/08 21:53:37 1.35
+++ www/errata35.html 2010/07/08 19:00:07 1.36
@@ -54,7 +54,7 @@
-
+
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
@@ -77,7 +77,7 @@
CAN-2005-0753
.
-
+
A source code patch exists which remedies this problem.
@@ -87,7 +87,7 @@
tcp(4)
timestamps.
-
+
A source code patch exists which remedies this problem.
@@ -100,7 +100,7 @@
telnet(1)
.
-
+
A source code patch exists which remedies this problem.
@@ -111,7 +111,7 @@
stack can lead to memory exhaustion or processing of TCP segments with
invalid SACK options and cause a system crash.
-
+
A source code patch exists which remedies this problem.
@@ -124,7 +124,7 @@
retransmit timeout. By sending packets with specific values in the TCP
timestamp option, an attacker can cause a system panic.
-
+
A source code patch exists which remedies this problem.
@@ -138,7 +138,7 @@
This would require enabling the XBitHack directive or server-side
includes and making use of a malicious document.
-
+
A source code patch exists which remedies this problem.
@@ -149,7 +149,7 @@
library function contains a memory management error, which causes failure
to retrieve the current working directory if the path is very long.
-
+
A source code patch exists which remedies this problem.
@@ -162,7 +162,7 @@
ipsec(4)
credentials on a socket.
-
+
A source code patch exists which remedies this problem.
@@ -175,7 +175,7 @@
lynx(1)
to exhaust memory and then crash when parsing such pages.
-
+
A source code patch exists which remedies this problem.
@@ -184,7 +184,7 @@
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
-
+
A source code patch exists which remedies this problem.
@@ -193,7 +193,7 @@
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
-
+
A source code patch exists which remedies this problem.
@@ -204,7 +204,7 @@
This could allow an attacker to spoof a reply granting access to the
attacker. Note that OpenBSD does not ship with radius authentication enabled.
-
+
A source code patch exists which remedies this problem.
@@ -217,7 +217,7 @@
Some of these would be exploitable when parsing malicious image files in
an application that handles XPM images, if they could escape ProPolice.
-
+
A source code patch exists which remedies this problem.
@@ -228,7 +228,7 @@
This would require enabling dbm for mod_rewrite and making use of a malicious
dbm file.
-
+
A source code patch exists which remedies this problem.
@@ -238,7 +238,7 @@
CAN-2004-0797
.
-
+
A source code patch exists which remedies this problem.
@@ -249,7 +249,7 @@
bridge(4)
with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
-
+
A source code patch exists which remedies this problem.
@@ -259,7 +259,7 @@
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
-
+
A source code patch exists which remedies this problem.
@@ -268,7 +268,7 @@
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
-
+
A source code patch exists which remedies this problem.
@@ -281,7 +281,7 @@
CAN-2004-0488,
CAN-2004-0492.
-
+
A source code patch exists which remedies this problem.
@@ -293,7 +293,7 @@
is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec
tunnels at will.
-
+
A source code patch exists which remedies this problem.
@@ -303,7 +303,7 @@
server that allow an attacker to crash the server or possibly execute arbitrary
code with the same privileges as the CVS server program.
-
+
A source code patch exists which remedies this problem.
@@ -313,7 +313,7 @@
One program affected by this is the qmail
mail server which could go into an infinite loop and consume all CPU.
-
+
A source code patch exists which remedies this problem.
@@ -329,7 +329,7 @@
Heimdal's announcement.
+href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">
A source code patch exists which remedies this problem.
@@ -345,7 +345,7 @@
bugzilla for details.
+href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">
A source code patch exists which remedies this problem.
@@ -357,7 +357,7 @@
malformed requests, enabling these clients to run arbitrary code
with the same privileges as the CVS server program.
-
+
A source code patch exists which remedies this problem.
@@ -365,7 +365,7 @@
2004
Check for integer overflow in procfs. Use of procfs is not recommended.
-
+
A source code patch exists which remedies this problem.
@@ -373,7 +373,7 @@
2004
Reply to in-window SYN with a rate-limited ACK.
-
+
A source code patch exists which remedies this problem.
@@ -385,7 +385,7 @@
iha(4)
).
-
+
A source code patch exists which remedies this problem.
@@ -395,7 +395,7 @@
gdt(4)
controllers will lock up.
-
+
A source code patch exists which remedies this problem.
@@ -408,7 +408,7 @@
the client and allowing clients to check out files outside the CVS
repository.
-
+
A source code patch exists which remedies this problem.
@@ -422,7 +422,7 @@
copy(9)
functions to prevent their misuse.
-
+
A source code patch exists which remedies this problem.
@@ -442,7 +442,7 @@
copy(9)
functions to prevent their misuse.
-
+
A source code patch exists which remedies this problem.
@@ -551,7 +551,7 @@
www@openbsd.org
-
$OpenBSD: errata35.html,v 1.35 2010/03/08 21:53:37 deraadt Exp $
+
$OpenBSD: errata35.html,v 1.36 2010/07/08 19:00:07 sthen Exp $