===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- www/errata36.html 2014/03/31 03:12:47 1.34
+++ www/errata36.html 2014/03/31 16:02:48 1.35
@@ -79,7 +79,8 @@
-
-020: SECURITY FIX: July 21, 2005 All architectures
+020: SECURITY FIX: July 21, 2005
+ All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
@@ -90,7 +91,8 @@
-
-019: SECURITY FIX: July 6, 2005 All architectures
+019: SECURITY FIX: July 6, 2005
+ All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
@@ -100,7 +102,8 @@
-
-018: SECURITY FIX: June 20, 2005 All architectures
+018: SECURITY FIX: June 20, 2005
+ All architectures
Due to a race condition in its command pathname handling, a user with
sudo(8)
privileges may be able to run arbitrary commands if the user's entry
@@ -112,7 +115,8 @@
-
-017: RELIABILITY FIX: June 15, 2005 All architectures
+017: RELIABILITY FIX: June 15, 2005
+ All architectures
As discovered by Stefan Miltchev calling
getsockopt(2)
to get
@@ -124,7 +128,8 @@
-
-016: SECURITY FIX: April 28, 2005 All architectures
+016: SECURITY FIX: April 28, 2005
+ All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
@@ -136,7 +141,8 @@
-
-015: RELIABILITY FIX: April 4, 2005 All architectures
+015: RELIABILITY FIX: April 4, 2005
+ All architectures
Handle an edge condition in
tcp(4)
timestamps.
@@ -146,7 +152,8 @@
-
-014: SECURITY FIX: March 30, 2005 All architectures
+014: SECURITY FIX: March 30, 2005
+ All architectures
Due to buffer overflows in
telnet(1),
a malicious server or man-in-the-middle attack could allow execution of
@@ -160,7 +167,8 @@
-
-013: RELIABILITY FIX: March 30, 2005 All architectures
+013: RELIABILITY FIX: March 30, 2005
+ All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
@@ -171,7 +179,8 @@
-
-012: SECURITY FIX: March 16, 2005 amd64 only
+012: SECURITY FIX: March 16, 2005
+ amd64 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
@@ -181,7 +190,8 @@
-
-011: SECURITY FIX: February 28, 2005 i386 only
+011: SECURITY FIX: February 28, 2005
+ i386 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
@@ -191,7 +201,8 @@
-
-010: RELIABILITY FIX: January 11, 2005 All architectures
+010: RELIABILITY FIX: January 11, 2005
+ All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
@@ -203,7 +214,8 @@
-
-009: SECURITY FIX: January 12, 2005 All architectures
+009: SECURITY FIX: January 12, 2005
+ All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
@@ -217,7 +229,8 @@
-
-008: RELIABILITY FIX: January 6, 2005 All architectures
+008: RELIABILITY FIX: January 6, 2005
+ All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
@@ -228,7 +241,8 @@
-
-007: SECURITY FIX: December 14, 2004 All architectures
+007: SECURITY FIX: December 14, 2004
+ All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
@@ -241,7 +255,8 @@
-
-006: RELIABILITY FIX: November 21, 2004 All architectures
+006: RELIABILITY FIX: November 21, 2004
+ All architectures
Fix for transmit side breakage on macppc and mbuf leaks with
xl(4).
@@ -250,7 +265,8 @@
-
-005: RELIABILITY FIX: November 21, 2004 All architectures
+005: RELIABILITY FIX: November 21, 2004
+ All architectures
Wrong calculation of NAT-D payloads may cause interoperability problems between
isakmpd(8)
and other ISAKMP/IKE implementations.
@@ -260,7 +276,8 @@
-
-004: RELIABILITY FIX: November 10, 2004 All architectures
+004: RELIABILITY FIX: November 10, 2004
+ All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
@@ -274,7 +291,8 @@
-
-003: RELIABILITY FIX: November 10, 2004 All architectures
+003: RELIABILITY FIX: November 10, 2004
+ All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
@@ -284,7 +302,8 @@
-
-002: RELIABILITY FIX: November 10, 2004 All architectures
+002: RELIABILITY FIX: November 10, 2004
+ All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
@@ -294,7 +313,8 @@
-
-001: RELIABILITY FIX: November 10, 2004 All architectures
+001: RELIABILITY FIX: November 10, 2004
+ All architectures
Fix detection of tape blocksize during device open. Corrects problem with
restore(8).