=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v retrieving revision 1.61 retrieving revision 1.62 diff -c -r1.61 -r1.62 *** www/errata36.html 2019/05/27 22:55:19 1.61 --- www/errata36.html 2019/05/28 16:32:42 1.62 *************** *** 85,209 ****

! 020: SECURITY FIX: July 21, 2005 All architectures
! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
! Please note that this fixes a different buffer overflow than the previous zlib patch.
! A source code patch exists which remedies this problem.
!
! 019: SECURITY FIX: July 6, 2005 All architectures
! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
! A source code patch exists which remedies this problem.
!
! 018: SECURITY FIX: June 20, 2005 All architectures
! Due to a race condition in its command pathname handling, a user with ! sudo(8) ! privileges may be able to run arbitrary commands if the user's entry ! is followed by an entry that grants sudo ALL privileges to ! another user.
! A source code patch exists which remedies this problem.
!
! 017: RELIABILITY FIX: June 15, 2005 All architectures
! As discovered by Stefan Miltchev calling ! getsockopt(2) ! to get ! ipsec(4) ! credentials for a socket can result in a kernel panic.
! A source code patch exists which remedies this problem.
!
! 016: SECURITY FIX: April 28, 2005 All architectures
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) ! . None of these issues are known to be exploitable. ! CAN-2005-0753 ! .
! A source code patch exists which remedies this problem.
!
! 015: RELIABILITY FIX: April 4, 2005 All architectures
! Handle an edge condition in ! tcp(4) ! timestamps.
! A source code patch exists which remedies this problem.
!
! 014: SECURITY FIX: March 30, 2005 All architectures
! Due to buffer overflows in ! telnet(1), ! a malicious server or man-in-the-middle attack could allow execution of ! arbitrary code with the privileges of the user invoking ! telnet(1). ! Noone should use telnet anymore. Please use ! ssh(1).
! A source code patch exists which remedies this problem.
!
! 013: RELIABILITY FIX: March 30, 2005 All architectures
! Bugs in the ! tcp(4) ! stack can lead to memory exhaustion or processing of TCP segments with ! invalid SACK options and cause a system crash.
! A source code patch exists which remedies this problem.
!
! 012: SECURITY FIX: March 16, 2005 ! amd64 only
! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse.
! ! A source code patch exists which remedies this problem. !
! !
! 011: SECURITY FIX: February 28, 2005 ! i386 only
! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse.
! A source code patch exists which remedies this problem.
--- 85,196 ----
- ! 001: RELIABILITY FIX: November 10, 2004 All architectures
  ! Fix detection of tape blocksize during device open. Corrects problem with ! restore(8).
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: November 10, 2004 All architectures
  ! BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in ! cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and ! thus slow DNS queries.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: RELIABILITY FIX: November 10, 2004 All architectures
  ! pppd(8) ! contains a bug that allows an attacker to crash his own connection, but it cannot ! be used to deny service to other users.
  ! A source code patch exists which remedies this problem.
  !
- ! 004: RELIABILITY FIX: November 10, 2004 All architectures
  ! Due to a bug in ! lynx(1) ! it is possible for pages such as ! this ! to cause ! lynx(1) ! to exhaust memory and then crash when parsing such pages.
  ! A source code patch exists which remedies this problem.
  !
- ! 005: RELIABILITY FIX: November 21, 2004 All architectures
  ! Wrong calculation of NAT-D payloads may cause interoperability problems between ! isakmpd(8) ! and other ISAKMP/IKE implementations.
  ! A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: November 21, 2004 All architectures
  ! Fix for transmit side breakage on macppc and mbuf leaks with ! xl(4).
  ! A source code patch exists which remedies this problem.
  !
- ! 007: SECURITY FIX: December 14, 2004 All architectures
  ! On systems running ! isakmpd(8) ! it is possible for a local user to cause kernel memory corruption ! and system panic by setting ! ipsec(4) ! credentials on a socket.
  ! A source code patch exists which remedies this problem.
  !
- ! 008: RELIABILITY FIX: January 6, 2005 All architectures
  ! The ! getcwd(3) ! library function contains a memory management error, which causes failure ! to retrieve the current working directory if the path is very long.
  ! A source code patch exists which remedies this problem.
  !
- ! 009: SECURITY FIX: January 12, 2005 ! All architectures
  ! httpd(8) ! 's mod_include module fails to properly validate the length of ! user supplied tag strings prior to copying them to a local buffer, ! causing a buffer overflow.
  ! This would require enabling the XBitHack directive or server-side ! includes and making use of a malicious document.
  ! A source code patch exists which remedies this problem.
  *************** *** 220,331 **** A source code patch exists which remedies this problem.
  !
- ! 009: SECURITY FIX: January 12, 2005 ! All architectures
  ! httpd(8) ! 's mod_include module fails to properly validate the length of ! user supplied tag strings prior to copying them to a local buffer, ! causing a buffer overflow.
  ! This would require enabling the XBitHack directive or server-side ! includes and making use of a malicious document.
  ! A source code patch exists which remedies this problem.
  !
- ! 008: RELIABILITY FIX: January 6, 2005 All architectures
  ! The ! getcwd(3) ! library function contains a memory management error, which causes failure ! to retrieve the current working directory if the path is very long.
  ! A source code patch exists which remedies this problem.
  !
- ! 007: SECURITY FIX: December 14, 2004 All architectures
  ! On systems running ! isakmpd(8) ! it is possible for a local user to cause kernel memory corruption ! and system panic by setting ! ipsec(4) ! credentials on a socket.
  ! A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: November 21, 2004 All architectures
  ! Fix for transmit side breakage on macppc and mbuf leaks with ! xl(4).
  ! A source code patch exists which remedies this problem.
  !
- ! 005: RELIABILITY FIX: November 21, 2004 All architectures
  ! Wrong calculation of NAT-D payloads may cause interoperability problems between ! isakmpd(8) ! and other ISAKMP/IKE implementations.
  ! A source code patch exists which remedies this problem. -
  !
- ! 004: RELIABILITY FIX: November 10, 2004 All architectures
  ! Due to a bug in ! lynx(1) ! it is possible for pages such as ! this ! to cause ! lynx(1) ! to exhaust memory and then crash when parsing such pages.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: RELIABILITY FIX: November 10, 2004 All architectures
  ! pppd(8) ! contains a bug that allows an attacker to crash his own connection, but it cannot ! be used to deny service to other users.
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: November 10, 2004 All architectures
  ! BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in ! cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and ! thus slow DNS queries.
  ! A source code patch exists which remedies this problem.
  !
- ! 001: RELIABILITY FIX: November 10, 2004 All architectures
  ! Fix detection of tape blocksize during device open. Corrects problem with ! restore(8).
  ! A source code patch exists which remedies this problem.
  --- 207,331 ---- A source code patch exists which remedies this problem.
  !
- ! 011: SECURITY FIX: February 28, 2005 ! i386 only
  ! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse.
  ! ! A source code patch exists which remedies this problem. !
  ! !
- ! 012: SECURITY FIX: March 16, 2005 ! amd64 only
  ! More stringent checking should be done in the ! copy(9) ! functions to prevent their misuse.
  ! A source code patch exists which remedies this problem.
  !
- ! 013: RELIABILITY FIX: March 30, 2005 All architectures
  ! Bugs in the ! tcp(4) ! stack can lead to memory exhaustion or processing of TCP segments with ! invalid SACK options and cause a system crash.
  ! A source code patch exists which remedies this problem.
  !
- ! 014: SECURITY FIX: March 30, 2005 All architectures
  ! Due to buffer overflows in ! telnet(1), ! a malicious server or man-in-the-middle attack could allow execution of ! arbitrary code with the privileges of the user invoking ! telnet(1). ! Noone should use telnet anymore. Please use ! ssh(1).
  ! A source code patch exists which remedies this problem.
  !
- ! 015: RELIABILITY FIX: April 4, 2005 All architectures
  ! Handle an edge condition in ! tcp(4) ! timestamps.
  ! A source code patch exists which remedies this problem.
  !
- ! 016: SECURITY FIX: April 28, 2005 All architectures
  ! Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) ! . None of these issues are known to be exploitable. ! CAN-2005-0753 ! .
  ! A source code patch exists which remedies this problem.
  ! !
- ! 017: RELIABILITY FIX: June 15, 2005 All architectures
  ! As discovered by Stefan Miltchev calling ! getsockopt(2) ! to get ! ipsec(4) ! credentials for a socket can result in a kernel panic.
  ! A source code patch exists which remedies this problem.
  !
- ! 018: SECURITY FIX: June 20, 2005 All architectures
  ! Due to a race condition in its command pathname handling, a user with ! sudo(8) ! privileges may be able to run arbitrary commands if the user's entry ! is followed by an entry that grants sudo ALL privileges to ! another user.
  ! A source code patch exists which remedies this problem.
  !
- ! 019: SECURITY FIX: July 6, 2005 All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! A source code patch exists which remedies this problem.
  !
- ! 020: SECURITY FIX: July 21, 2005 All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! Please note that this fixes a different buffer overflow than the previous zlib patch.
  ! A source code patch exists which remedies this problem.