===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -c -r1.61 -r1.62
*** www/errata36.html 2019/05/27 22:55:19 1.61
--- www/errata36.html 2019/05/28 16:32:42 1.62
***************
*** 85,209 ****
! -
! 020: SECURITY FIX: July 21, 2005
All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
! Please note that this fixes a different buffer overflow than the previous zlib patch.
!
A source code patch exists which remedies this problem.
!
-
! 019: SECURITY FIX: July 6, 2005
All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
!
A source code patch exists which remedies this problem.
!
-
! 018: SECURITY FIX: June 20, 2005
All architectures
! Due to a race condition in its command pathname handling, a user with
! sudo(8)
! privileges may be able to run arbitrary commands if the user's entry
! is followed by an entry that grants sudo ALL
privileges to
! another user.
!
A source code patch exists which remedies this problem.
!
-
! 017: RELIABILITY FIX: June 15, 2005
All architectures
! As discovered by Stefan Miltchev calling
! getsockopt(2)
! to get
! ipsec(4)
! credentials for a socket can result in a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 016: SECURITY FIX: April 28, 2005
All architectures
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
! . None of these issues are known to be exploitable.
! CAN-2005-0753
! .
!
A source code patch exists which remedies this problem.
!
-
! 015: RELIABILITY FIX: April 4, 2005
All architectures
! Handle an edge condition in
! tcp(4)
! timestamps.
!
A source code patch exists which remedies this problem.
!
-
! 014: SECURITY FIX: March 30, 2005
All architectures
! Due to buffer overflows in
! telnet(1),
! a malicious server or man-in-the-middle attack could allow execution of
! arbitrary code with the privileges of the user invoking
! telnet(1).
! Noone should use telnet anymore. Please use
! ssh(1).
!
A source code patch exists which remedies this problem.
!
-
! 013: RELIABILITY FIX: March 30, 2005
All architectures
! Bugs in the
! tcp(4)
! stack can lead to memory exhaustion or processing of TCP segments with
! invalid SACK options and cause a system crash.
!
A source code patch exists which remedies this problem.
!
-
! 012: SECURITY FIX: March 16, 2005
! amd64 only
! More stringent checking should be done in the
! copy(9)
! functions to prevent their misuse.
!
! A source code patch exists which remedies this problem.
!
!
!
-
! 011: SECURITY FIX: February 28, 2005
! i386 only
! More stringent checking should be done in the
! copy(9)
! functions to prevent their misuse.
!
A source code patch exists which remedies this problem.
--- 85,196 ----
! -
! 001: RELIABILITY FIX: November 10, 2004
All architectures
! Fix detection of tape blocksize during device open. Corrects problem with
! restore(8).
!
A source code patch exists which remedies this problem.
!
-
! 002: RELIABILITY FIX: November 10, 2004
All architectures
! BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
! cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
! thus slow DNS queries.
!
A source code patch exists which remedies this problem.
!
-
! 003: RELIABILITY FIX: November 10, 2004
All architectures
! pppd(8)
! contains a bug that allows an attacker to crash his own connection, but it cannot
! be used to deny service to other users.
!
A source code patch exists which remedies this problem.
!
-
! 004: RELIABILITY FIX: November 10, 2004
All architectures
! Due to a bug in
! lynx(1)
! it is possible for pages such as
! this
! to cause
! lynx(1)
! to exhaust memory and then crash when parsing such pages.
!
A source code patch exists which remedies this problem.
!
-
! 005: RELIABILITY FIX: November 21, 2004
All architectures
! Wrong calculation of NAT-D payloads may cause interoperability problems between
! isakmpd(8)
! and other ISAKMP/IKE implementations.
!
A source code patch exists which remedies this problem.
!
-
! 006: RELIABILITY FIX: November 21, 2004
All architectures
! Fix for transmit side breakage on macppc and mbuf leaks with
! xl(4).
!
A source code patch exists which remedies this problem.
!
-
! 007: SECURITY FIX: December 14, 2004
All architectures
! On systems running
! isakmpd(8)
! it is possible for a local user to cause kernel memory corruption
! and system panic by setting
! ipsec(4)
! credentials on a socket.
!
A source code patch exists which remedies this problem.
!
-
! 008: RELIABILITY FIX: January 6, 2005
All architectures
! The
! getcwd(3)
! library function contains a memory management error, which causes failure
! to retrieve the current working directory if the path is very long.
!
A source code patch exists which remedies this problem.
!
-
! 009: SECURITY FIX: January 12, 2005
! All architectures
! httpd(8)
! 's mod_include module fails to properly validate the length of
! user supplied tag strings prior to copying them to a local buffer,
! causing a buffer overflow.
! This would require enabling the XBitHack directive or server-side
! includes and making use of a malicious document.
!
A source code patch exists which remedies this problem.
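Review bot: The reordering on the new side (--- 85,196) puts 001 at the top and moves the newest errata (018 to 020, in the following hunk) to the bottom of the page, and nothing in the visible lines explains why. State the new ascending order in the commit message, and check that no surrounding text or inbound link still treats the list as newest-first. The entry text for 001 to 009 matches the block removed from old lines 220-331, so the 004 lynx(1) entry still uses the bare link text "this" for the triggering page; a descriptive label would be better while these lines are being touched.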
***************
*** 220,331 ****
A source code patch exists which remedies this problem.
!
-
! 009: SECURITY FIX: January 12, 2005
! All architectures
! httpd(8)
! 's mod_include module fails to properly validate the length of
! user supplied tag strings prior to copying them to a local buffer,
! causing a buffer overflow.
! This would require enabling the XBitHack directive or server-side
! includes and making use of a malicious document.
!
A source code patch exists which remedies this problem.
!
-
! 008: RELIABILITY FIX: January 6, 2005
All architectures
! The
! getcwd(3)
! library function contains a memory management error, which causes failure
! to retrieve the current working directory if the path is very long.
!
A source code patch exists which remedies this problem.
!
-
! 007: SECURITY FIX: December 14, 2004
All architectures
! On systems running
! isakmpd(8)
! it is possible for a local user to cause kernel memory corruption
! and system panic by setting
! ipsec(4)
! credentials on a socket.
!
A source code patch exists which remedies this problem.
!
-
! 006: RELIABILITY FIX: November 21, 2004
All architectures
! Fix for transmit side breakage on macppc and mbuf leaks with
! xl(4).
!
A source code patch exists which remedies this problem.
!
-
! 005: RELIABILITY FIX: November 21, 2004
All architectures
! Wrong calculation of NAT-D payloads may cause interoperability problems between
! isakmpd(8)
! and other ISAKMP/IKE implementations.
!
A source code patch exists which remedies this problem.
-
!
-
! 004: RELIABILITY FIX: November 10, 2004
All architectures
! Due to a bug in
! lynx(1)
! it is possible for pages such as
! this
! to cause
! lynx(1)
! to exhaust memory and then crash when parsing such pages.
!
A source code patch exists which remedies this problem.
!
-
! 003: RELIABILITY FIX: November 10, 2004
All architectures
! pppd(8)
! contains a bug that allows an attacker to crash his own connection, but it cannot
! be used to deny service to other users.
!
A source code patch exists which remedies this problem.
!
-
! 002: RELIABILITY FIX: November 10, 2004
All architectures
! BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
! cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
! thus slow DNS queries.
!
A source code patch exists which remedies this problem.
!
-
! 001: RELIABILITY FIX: November 10, 2004
All architectures
! Fix detection of tape blocksize during device open. Corrects problem with
! restore(8).
!
A source code patch exists which remedies this problem.
--- 207,331 ----
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: February 28, 2005
! i386 only
! More stringent checking should be done in the
! copy(9)
! functions to prevent their misuse.
!
! A source code patch exists which remedies this problem.
!
!
!
-
! 012: SECURITY FIX: March 16, 2005
! amd64 only
! More stringent checking should be done in the
! copy(9)
! functions to prevent their misuse.
!
A source code patch exists which remedies this problem.
!
-
! 013: RELIABILITY FIX: March 30, 2005
All architectures
! Bugs in the
! tcp(4)
! stack can lead to memory exhaustion or processing of TCP segments with
! invalid SACK options and cause a system crash.
!
A source code patch exists which remedies this problem.
!
-
! 014: SECURITY FIX: March 30, 2005
All architectures
! Due to buffer overflows in
! telnet(1),
! a malicious server or man-in-the-middle attack could allow execution of
! arbitrary code with the privileges of the user invoking
! telnet(1).
! Noone should use telnet anymore. Please use
! ssh(1).
!
A source code patch exists which remedies this problem.
!
-
! 015: RELIABILITY FIX: April 4, 2005
All architectures
! Handle an edge condition in
! tcp(4)
! timestamps.
!
A source code patch exists which remedies this problem.
!
-
! 016: SECURITY FIX: April 28, 2005
All architectures
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
! . None of these issues are known to be exploitable.
! CAN-2005-0753
! .
!
A source code patch exists which remedies this problem.
!
!
-
! 017: RELIABILITY FIX: June 15, 2005
All architectures
! As discovered by Stefan Miltchev calling
! getsockopt(2)
! to get
! ipsec(4)
! credentials for a socket can result in a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 018: SECURITY FIX: June 20, 2005
All architectures
! Due to a race condition in its command pathname handling, a user with
! sudo(8)
! privileges may be able to run arbitrary commands if the user's entry
! is followed by an entry that grants sudo ALL
privileges to
! another user.
!
A source code patch exists which remedies this problem.
!
-
! 019: SECURITY FIX: July 6, 2005
All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
!
A source code patch exists which remedies this problem.
!
-
! 020: SECURITY FIX: July 21, 2005
All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
! Please note that this fixes a different buffer overflow than the previous zlib patch.
!
A source code patch exists which remedies this problem.
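Review bot: In the new-side 014 entry, "Noone should use telnet anymore." carries over the typo from the old text; since the line is re-added here it should read "No one should use telnet anymore." The 016 entry also keeps its detached punctuation ("cvs(1)" followed by ". None of these issues are known to be exploitable." and "CAN-2005-0753" followed by a lone "."), which should be joined to the preceding text. The new side has two changed blank lines after the 016 patch sentence and before 017 where the other entries have one, so check that no empty element was introduced there.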