===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- www/errata36.html 2016/03/21 05:46:20 1.45
+++ www/errata36.html 2016/03/22 10:54:42 1.46
@@ -88,7 +88,7 @@
020: SECURITY FIX: July 21, 2005
All architectures
A buffer overflow has been found in
-compress(3)
+compress(3)
which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
@@ -100,7 +100,7 @@
019: SECURITY FIX: July 6, 2005
All architectures
A buffer overflow has been found in
-compress(3)
+compress(3)
which may be exploitable.
@@ -111,7 +111,7 @@
018: SECURITY FIX: June 20, 2005
All architectures
Due to a race condition in its command pathname handling, a user with
-sudo(8)
+sudo(8)
privileges may be able to run arbitrary commands if the user's entry
is followed by an entry that grants sudo ALL privileges to
another user.
@@ -124,9 +124,9 @@
017: RELIABILITY FIX: June 15, 2005
All architectures
As discovered by Stefan Miltchev calling
-getsockopt(2)
+getsockopt(2)
to get
-ipsec(4)
+ipsec(4)
credentials for a socket can result in a kernel panic.
@@ -137,7 +137,7 @@
016: SECURITY FIX: April 28, 2005
All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
-cvs(1)
+cvs(1)
. None of these issues are known to be exploitable.
CAN-2005-0753
.
@@ -150,7 +150,7 @@
015: RELIABILITY FIX: April 4, 2005
All architectures
Handle an edge condition in
-tcp(4)
+tcp(4)
timestamps.
@@ -161,12 +161,12 @@
014: SECURITY FIX: March 30, 2005
All architectures
Due to buffer overflows in
-telnet(1),
+telnet(1),
a malicious server or man-in-the-middle attack could allow execution of
arbitrary code with the privileges of the user invoking
-telnet(1).
+telnet(1).
Noone should use telnet anymore. Please use
-ssh(1).
+ssh(1).
A source code patch exists which remedies this problem.
@@ -176,7 +176,7 @@
013: RELIABILITY FIX: March 30, 2005
All architectures
Bugs in the
-tcp(4)
+tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
invalid SACK options and cause a system crash.
@@ -188,7 +188,7 @@
012: SECURITY FIX: March 16, 2005
amd64 only
More stringent checking should be done in the
-copy(9)
+copy(9)
functions to prevent their misuse.
@@ -199,7 +199,7 @@
011: SECURITY FIX: February 28, 2005
i386 only
More stringent checking should be done in the
-copy(9)
+copy(9)
functions to prevent their misuse.
@@ -210,7 +210,7 @@
010: RELIABILITY FIX: January 11, 2005
All architectures
A bug in the
-tcp(4)
+tcp(4)
stack allows an invalid argument to be used in calculating the TCP
retransmit timeout. By sending packets with specific values in the TCP
timestamp option, an attacker can cause a system panic.
@@ -222,7 +222,7 @@