===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- www/errata35.html 2014/03/31 04:11:40 1.49
+++ www/errata35.html 2014/03/31 16:02:48 1.50
@@ -78,7 +78,8 @@
-
-033: SECURITY FIX: April 28, 2005 All architectures
+033: SECURITY FIX: April 28, 2005
+ All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
@@ -90,7 +91,8 @@
-
-032: RELIABILITY FIX: April 4, 2005 All architectures
+032: RELIABILITY FIX: April 4, 2005
+ All architectures
Handle an edge condition in
tcp(4)
timestamps.
@@ -100,7 +102,8 @@
-
-031: SECURITY FIX: March 30, 2005 All architectures
+031: SECURITY FIX: March 30, 2005
+ All architectures
Due to buffer overflows in
telnet(1)
, a malicious server or man-in-the-middle attack could allow execution of
@@ -113,7 +116,8 @@
-
-030: RELIABILITY FIX: March 30, 2005 All architectures
+030: RELIABILITY FIX: March 30, 2005
+ All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
@@ -124,7 +128,8 @@
-
-029: SECURITY FIX: March 16, 2005 amd64 only
+029: SECURITY FIX: March 16, 2005
+ amd64 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
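Review bot: the description under the 029 header, "More stringent checking should be done in the copy(9) functions to prevent their misuse.", reads as a recommendation rather than a statement of what was wrong or what the patch changes, and the same sentence is repeated word for word under 028. With the architecture now on its own line, the two entries differ only in that line and the date. Consider rewording to say that the copy(9) functions did not check their arguments strictly enough and that the patch adds the checks, so a reader can tell the fix has actually been made.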
@@ -134,7 +139,8 @@
-
-028: SECURITY FIX: February 28, 2005 i386 only
+028: SECURITY FIX: February 28, 2005
+ i386 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
@@ -144,7 +150,8 @@
-
-027: RELIABILITY FIX: January 11, 2005 All architectures
+027: RELIABILITY FIX: January 11, 2005
+ All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
@@ -156,7 +163,8 @@
-
-026: SECURITY FIX: January 12, 2005 All architectures
+026: SECURITY FIX: January 12, 2005
+ All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
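Review bot: the date on the 026 header line, January 12, 2005, is later than the January 11, 2005 shown on entry 027 in the previous hunk, so the entry numbers and dates run in opposite order here. Since this line is being rewritten anyway, please confirm both dates against the patch files. Separately, "user supplied" in the context text should be hyphenated as "user-supplied".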
@@ -170,7 +178,8 @@
-
-025: RELIABILITY FIX: January 6, 2005 All architectures
+025: RELIABILITY FIX: January 6, 2005
+ All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
@@ -181,7 +190,8 @@
-
-024: SECURITY FIX: December 14, 2004 All architectures
+024: SECURITY FIX: December 14, 2004
+ All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
@@ -193,7 +203,8 @@
A source code patch exists which remedies this problem.
-
-023: RELIABILITY FIX: November 10, 2004 All architectures
+023: RELIABILITY FIX: November 10, 2004
+ All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
@@ -206,7 +217,8 @@
A source code patch exists which remedies this problem.
-
-022: RELIABILITY FIX: November 10, 2004 All architectures
+022: RELIABILITY FIX: November 10, 2004
+ All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
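Review bot: in the context text under the 022 header, "allows an attacker to crash his own connection" uses a gendered pronoun and calls the user an "attacker" in an entry classed as RELIABILITY FIX where, by the entry's own wording, no one else is affected. Something like "allows a user to crash their own connection" fits the classification better.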
@@ -215,7 +227,8 @@
A source code patch exists which remedies this problem.
-
-021: RELIABILITY FIX: November 10, 2004 All architectures
+021: RELIABILITY FIX: November 10, 2004
+ All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
@@ -224,7 +237,8 @@
A source code patch exists which remedies this problem.
-
-020: SECURITY FIX: September 20, 2004 All architectures
+020: SECURITY FIX: September 20, 2004
+ All architectures
Eilko Bos reported that radius authentication, as implemented by
login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
@@ -235,7 +249,8 @@
A source code patch exists which remedies this problem.
-
-019: SECURITY FIX: September 16, 2004 All architectures
+019: SECURITY FIX: September 16, 2004
+ All architectures
Chris Evans reported several flaws (stack and integer overflows) in the
Xpm
library code that parses image files
@@ -248,7 +263,8 @@
A source code patch exists which remedies this problem.
-
-018: SECURITY FIX: September 10, 2004 All architectures
+018: SECURITY FIX: September 10, 2004
+ All architectures
httpd(8)
's mod_rewrite module can be made to write one zero byte in an arbitrary memory
position outside of a char array, causing a DoS or possibly buffer overflows.
@@ -259,7 +275,8 @@
A source code patch exists which remedies this problem.
-
-017: RELIABILITY FIX: August 29, 2004 All architectures
+017: RELIABILITY FIX: August 29, 2004
+ All architectures
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
of Service attack.
CAN-2004-0797
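Review bot: the 017 header is labelled RELIABILITY FIX, yet the text beneath it describes an attacker causing a denial of service and cites CAN-2004-0797, which reads like a security issue. Either the label or the wording should be reconciled, and a short comment explaining the classification would help if it is intentional. The phrase "cause a Denial of Service attack" is also awkward, since one causes a denial of service rather than an attack; "cause a denial of service" is enough.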
@@ -269,7 +286,8 @@
A source code patch exists which remedies this problem.
-
-016: RELIABILITY FIX: August 26, 2004 All architectures
+016: RELIABILITY FIX: August 26, 2004
+ All architectures
As
reported
by Vafa Izadinia
@@ -280,7 +298,8 @@
A source code patch exists which remedies this problem.
-
-015: RELIABILITY FIX: August 25, 2004 All architectures
+015: RELIABILITY FIX: August 25, 2004
+ All architectures
Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
against TCP.
@@ -290,7 +309,8 @@
A source code patch exists which remedies this problem.
-
-014: RELIABILITY FIX: July 25, 2004 All architectures
+014: RELIABILITY FIX: July 25, 2004
+ All architectures
Under a certain network load the kernel can run out of stack space. This was
encountered in an environment using CARP on a VLAN interface. This issue initially
manifested itself as a FPU related crash on boot up.
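Review bot: style nit in the context text under the 014 header: "a FPU related crash on boot up" should read "an FPU-related crash on boot". The entry also says the kernel can run out of stack space "under a certain network load" without saying which; the CARP-on-VLAN setup is the only concrete condition given, so it may be clearer to lead with that.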
@@ -299,7 +319,8 @@
A source code patch exists which remedies this problem.
-
-013: SECURITY FIX: June 12, 2004 All architectures
+013: SECURITY FIX: June 12, 2004
+ All architectures
Multiple vulnerabilities have been found in
httpd(8)
/ mod_ssl.
@@ -312,7 +333,8 @@
A source code patch exists which remedies this problem.
-
-012: SECURITY FIX: June 10, 2004 All architectures
+012: SECURITY FIX: June 10, 2004
+ All architectures
As
disclosed
by Thomas Walpuski
@@ -324,7 +346,8 @@
A source code patch exists which remedies this problem.
-
-011: SECURITY FIX: June 9, 2004 All architectures
+011: SECURITY FIX: June 9, 2004
+ All architectures
Multiple remote vulnerabilities have been found in the
cvs(1)
server that allow an attacker to crash the server or possibly execute arbitrary
@@ -334,7 +357,8 @@
A source code patch exists which remedies this problem.
-
-010: RELIABILITY FIX: June 9, 2004 All architectures
+010: RELIABILITY FIX: June 9, 2004
+ All architectures
A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
non-blocking mode for writing when there are no processes reading the FIFO.
One program affected by this is the qmail
@@ -344,7 +368,8 @@
A source code patch exists which remedies this problem.
-
-009: SECURITY FIX: May 30, 2004 All architectures
+009: SECURITY FIX: May 30, 2004
+ All architectures
A flaw in the Kerberos V
kdc(8)
server could result in the administrator of a Kerberos realm having
@@ -358,7 +383,8 @@
A source code patch exists which remedies this problem.
-
-008: SECURITY FIX: May 26, 2004 All architectures
+008: SECURITY FIX: May 26, 2004
+ All architectures
With the introduction of IPv6 code in
xdm(1),
one test on the 'requestPort' resource was deleted by accident. This
@@ -371,7 +397,8 @@
A source code patch exists which remedies this problem.
-
-007: SECURITY FIX: May 20, 2004 All architectures
+007: SECURITY FIX: May 20, 2004
+ All architectures
A heap overflow in the
cvs(1)
server has been discovered that can be exploited by clients sending
@@ -382,21 +409,24 @@
A source code patch exists which remedies this problem.
-
-006: SECURITY FIX: May 13, 2004 All architectures
+006: SECURITY FIX: May 13, 2004
+ All architectures
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.
-
-005: RELIABILITY FIX: May 6, 2004 All architectures
+005: RELIABILITY FIX: May 6, 2004
+ All architectures
Reply to in-window SYN with a rate-limited ACK.
A source code patch exists which remedies this problem.
-
-004: RELIABILITY FIX: May 5, 2004 All architectures
+004: RELIABILITY FIX: May 5, 2004
+ All architectures
Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
siop(4),
trm(4),
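Review bot: in this three-entry hunk, the descriptions for 006 ("Check for integer overflow in procfs.") and 005 ("Reply to in-window SYN with a rate-limited ACK.") are imperative commit-log lines that state the change but not the problem or its impact, unlike the other entries on the page. For 006 in particular, nothing tells the reader why it is a SECURITY FIX or who can trigger the overflow. One sentence of impact for each would bring them in line with the rest. Also, in the 004 text, "( i.e." has a stray space after the parenthesis, and since a list of example controllers follows, "e.g." looks like the intended abbreviation.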
@@ -407,7 +437,8 @@
A source code patch exists which remedies this problem.
-
-003: RELIABILITY FIX: May 5, 2004 All architectures
+003: RELIABILITY FIX: May 5, 2004
+ All architectures
Under load "recent model"
gdt(4)
controllers will lock up.
@@ -416,7 +447,8 @@
A source code patch exists which remedies this problem.
-
-002: SECURITY FIX: May 5, 2004 All architectures
+002: SECURITY FIX: May 5, 2004
+ All architectures
Pathname validation problems have been found in
cvs(1),
allowing malicious clients to create files outside the repository, allowing