=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v retrieving revision 1.45 retrieving revision 1.46 diff -c -r1.45 -r1.46 *** www/errata36.html 2016/03/21 05:46:20 1.45 --- www/errata36.html 2016/03/22 10:54:42 1.46 *************** *** 88,94 **** 020: SECURITY FIX: July 21, 2005   All architectures
A buffer overflow has been found in ! compress(3) which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
--- 88,94 ---- 020: SECURITY FIX: July 21, 2005   All architectures
A buffer overflow has been found in ! compress(3) which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
*************** *** 100,106 **** 019: SECURITY FIX: July 6, 2005   All architectures
A buffer overflow has been found in ! compress(3) which may be exploitable.
--- 100,106 ---- 019: SECURITY FIX: July 6, 2005   All architectures
A buffer overflow has been found in ! compress(3) which may be exploitable.
*************** *** 111,117 **** 018: SECURITY FIX: June 20, 2005   All architectures
Due to a race condition in its command pathname handling, a user with ! sudo(8) privileges may be able to run arbitrary commands if the user's entry is followed by an entry that grants sudo ALL privileges to another user. --- 111,117 ---- 018: SECURITY FIX: June 20, 2005   All architectures
Due to a race condition in its command pathname handling, a user with ! sudo(8) privileges may be able to run arbitrary commands if the user's entry is followed by an entry that grants sudo ALL privileges to another user. *************** *** 124,132 **** 017: RELIABILITY FIX: June 15, 2005   All architectures
As discovered by Stefan Miltchev calling ! getsockopt(2) to get ! ipsec(4) credentials for a socket can result in a kernel panic.
--- 124,132 ---- 017: RELIABILITY FIX: June 15, 2005   All architectures
As discovered by Stefan Miltchev calling ! getsockopt(2) to get ! ipsec(4) credentials for a socket can result in a kernel panic.
*************** *** 137,143 **** 016: SECURITY FIX: April 28, 2005   All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) . None of these issues are known to be exploitable. CAN-2005-0753 . --- 137,143 ---- 016: SECURITY FIX: April 28, 2005   All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) . None of these issues are known to be exploitable. CAN-2005-0753 . *************** *** 150,156 **** 015: RELIABILITY FIX: April 4, 2005   All architectures
Handle an edge condition in ! tcp(4) timestamps.
--- 150,156 ---- 015: RELIABILITY FIX: April 4, 2005   All architectures
Handle an edge condition in ! tcp(4) timestamps.
*************** *** 161,172 **** 014: SECURITY FIX: March 30, 2005   All architectures
Due to buffer overflows in ! telnet(1), a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking ! telnet(1). Noone should use telnet anymore. Please use ! ssh(1).
A source code patch exists which remedies this problem. --- 161,172 ---- 014: SECURITY FIX: March 30, 2005   All architectures
Due to buffer overflows in ! telnet(1), a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking ! telnet(1). Noone should use telnet anymore. Please use ! ssh(1).
A source code patch exists which remedies this problem. *************** *** 176,182 **** 013: RELIABILITY FIX: March 30, 2005   All architectures
Bugs in the ! tcp(4) stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
--- 176,182 ---- 013: RELIABILITY FIX: March 30, 2005   All architectures
Bugs in the ! tcp(4) stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
*************** *** 188,194 **** 012: SECURITY FIX: March 16, 2005   amd64 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
--- 188,194 ---- 012: SECURITY FIX: March 16, 2005   amd64 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
*************** *** 199,205 **** 011: SECURITY FIX: February 28, 2005   i386 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
--- 199,205 ---- 011: SECURITY FIX: February 28, 2005   i386 only
More stringent checking should be done in the ! copy(9) functions to prevent their misuse.
*************** *** 210,216 **** 010: RELIABILITY FIX: January 11, 2005   All architectures
A bug in the ! tcp(4) stack allows an invalid argument to be used in calculating the TCP retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic. --- 210,216 ---- 010: RELIABILITY FIX: January 11, 2005   All architectures
A bug in the ! tcp(4) stack allows an invalid argument to be used in calculating the TCP retransmit timeout. By sending packets with specific values in the TCP timestamp option, an attacker can cause a system panic. *************** *** 222,228 ****
  • 009: SECURITY FIX: January 12, 2005   All architectures
    ! httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, causing a buffer overflow. --- 222,228 ----
  • 009: SECURITY FIX: January 12, 2005   All architectures
    ! httpd(8) 's mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, causing a buffer overflow. *************** *** 238,244 **** 008: RELIABILITY FIX: January 6, 2005   All architectures
    The ! getcwd(3) library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
    --- 238,244 ---- 008: RELIABILITY FIX: January 6, 2005   All architectures
    The ! getcwd(3) library function contains a memory management error, which causes failure to retrieve the current working directory if the path is very long.
    *************** *** 250,259 **** 007: SECURITY FIX: December 14, 2004   All architectures
    On systems running ! isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ! ipsec(4) credentials on a socket.
    --- 250,259 ---- 007: SECURITY FIX: December 14, 2004   All architectures
    On systems running !     isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ! ipsec(4) credentials on a socket.
    *************** *** 264,270 **** 006: RELIABILITY FIX: November 21, 2004   All architectures
    Fix for transmit side breakage on macppc and mbuf leaks with !     xl(4).
    A source code patch exists which remedies this problem. --- 264,270 ---- 006: RELIABILITY FIX: November 21, 2004   All architectures
    Fix for transmit side breakage on macppc and mbuf leaks with ! xl(4).
    A source code patch exists which remedies this problem. *************** *** 274,280 **** 005: RELIABILITY FIX: November 21, 2004   All architectures
    Wrong calculation of NAT-D payloads may cause interoperability problems between ! isakmpd(8) and other ISAKMP/IKE implementations.
    --- 274,280 ---- 005: RELIABILITY FIX: November 21, 2004   All architectures
    Wrong calculation of NAT-D payloads may cause interoperability problems between !     isakmpd(8) and other ISAKMP/IKE implementations.
    *************** *** 285,295 **** 004: RELIABILITY FIX: November 10, 2004   All architectures
    Due to a bug in !     lynx(1) it is possible for pages such as this to cause ! lynx(1) to exhaust memory and then crash when parsing such pages.
    --- 285,295 ---- 004: RELIABILITY FIX: November 10, 2004   All architectures
    Due to a bug in !     lynx(1) it is possible for pages such as this to cause ! lynx(1) to exhaust memory and then crash when parsing such pages.
    *************** *** 299,305 ****
  • 003: RELIABILITY FIX: November 10, 2004   All architectures
    !     pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    --- 299,305 ----
  • 003: RELIABILITY FIX: November 10, 2004   All architectures
    ! pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    *************** *** 322,328 **** 001: RELIABILITY FIX: November 10, 2004   All architectures
    Fix detection of tape blocksize during device open. Corrects problem with ! restore(8).
    A source code patch exists which remedies this problem. --- 322,328 ---- 001: RELIABILITY FIX: November 10, 2004   All architectures
    Fix detection of tape blocksize during device open. Corrects problem with ! restore(8).
    A source code patch exists which remedies this problem.