=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- www/errata35.html 2016/08/15 02:22:06 1.67 +++ www/errata35.html 2016/10/16 19:11:29 1.68 @@ -70,7 +70,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -95,7 +95,7 @@ CAN-2005-0753 .
- + A source code patch exists which remedies this problem.

@@ -106,7 +106,7 @@ tcp(4) timestamps.
- + A source code patch exists which remedies this problem.

@@ -120,7 +120,7 @@ telnet(1) .
- + A source code patch exists which remedies this problem.

@@ -132,7 +132,7 @@ stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
- + A source code patch exists which remedies this problem.

@@ -143,7 +143,7 @@ copy(9) functions to prevent their misuse.
- + A source code patch exists which remedies this problem.

@@ -154,7 +154,7 @@ copy(9) functions to prevent their misuse.
- + A source code patch exists which remedies this problem.

@@ -167,7 +167,7 @@ retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic.
- + A source code patch exists which remedies this problem.

@@ -182,7 +182,7 @@ This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
- + A source code patch exists which remedies this problem.

@@ -194,7 +194,7 @@ library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
- + A source code patch exists which remedies this problem.

@@ -208,7 +208,7 @@ ipsec(4) credentials on a socket.
- + A source code patch exists which remedies this problem.

  • @@ -222,7 +222,7 @@ lynx(1) to exhaust memory and then crash when parsing such pages.
    - + A source code patch exists which remedies this problem.

  • @@ -232,7 +232,7 @@ contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    - + A source code patch exists which remedies this problem.

  • @@ -242,7 +242,7 @@ cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and thus slow DNS queries.
    - + A source code patch exists which remedies this problem.

  • @@ -254,7 +254,7 @@ This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
    - + A source code patch exists which remedies this problem.

  • @@ -268,7 +268,7 @@ Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
    - + A source code patch exists which remedies this problem.

  • @@ -280,7 +280,7 @@ This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
    - + A source code patch exists which remedies this problem.

  • @@ -291,7 +291,7 @@ CAN-2004-0797 .
    - + A source code patch exists which remedies this problem.

  • @@ -303,7 +303,7 @@ bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    - + A source code patch exists which remedies this problem.

  • @@ -314,7 +314,7 @@
    http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
    - + A source code patch exists which remedies this problem.

  • @@ -324,7 +324,7 @@ encountered in an environment using CARP on a VLAN interface. This issue initially manifested itself as a FPU related crash on boot up.
    - + A source code patch exists which remedies this problem.

  • @@ -338,7 +338,7 @@ CAN-2004-0488, CAN-2004-0492.
    - + A source code patch exists which remedies this problem.

  • @@ -351,7 +351,7 @@ is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    - + A source code patch exists which remedies this problem.

  • @@ -362,7 +362,7 @@ server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    - + A source code patch exists which remedies this problem.

  • @@ -373,7 +373,7 @@ One program affected by this is the qmail mail server which could go into an infinite loop and consume all CPU.
    - + A source code patch exists which remedies this problem.

  • @@ -388,7 +388,7 @@ more details see Heimdal's announcement.
    - + A source code patch exists which remedies this problem.

  • @@ -402,7 +402,7 @@ XFree86 bugzilla for details.
    - + A source code patch exists which remedies this problem.

  • @@ -414,7 +414,7 @@ malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program.
    - + A source code patch exists which remedies this problem.

  • @@ -422,7 +422,7 @@   All architectures
    Check for integer overflow in procfs. Use of procfs is not recommended.
    - + A source code patch exists which remedies this problem.

  • @@ -430,7 +430,7 @@   All architectures
    Reply to in-window SYN with a rate-limited ACK.
    - + A source code patch exists which remedies this problem.

  • @@ -442,7 +442,7 @@ iha(4) ).
    - + A source code patch exists which remedies this problem.

  • @@ -452,7 +452,7 @@ gdt(4) controllers will lock up.
    - + A source code patch exists which remedies this problem.

  • @@ -465,7 +465,7 @@ the client and allowing clients to check out files outside the CVS repository.
    - + A source code patch exists which remedies this problem.