===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- www/errata36.html 2017/03/28 06:41:18 1.55
+++ www/errata36.html 2017/06/26 17:18:57 1.56
@@ -87,7 +87,7 @@
020: SECURITY FIX: July 21, 2005
All architectures
A buffer overflow has been found in
-compress(3)
+compress(3)
which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
@@ -99,7 +99,7 @@
019: SECURITY FIX: July 6, 2005
All architectures
A buffer overflow has been found in
-compress(3)
+compress(3)
which may be exploitable.
@@ -110,7 +110,7 @@
018: SECURITY FIX: June 20, 2005
All architectures
Due to a race condition in its command pathname handling, a user with
-sudo(8)
+sudo(8)
privileges may be able to run arbitrary commands if the user's entry
is followed by an entry that grants sudo ALL privileges to
another user.
@@ -123,9 +123,9 @@
017: RELIABILITY FIX: June 15, 2005
All architectures
As discovered by Stefan Miltchev calling
-getsockopt(2)
+getsockopt(2)
to get
-ipsec(4)
+ipsec(4)
credentials for a socket can result in a kernel panic.
@@ -136,7 +136,7 @@
016: SECURITY FIX: April 28, 2005
All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
-cvs(1)
+cvs(1)
. None of these issues are known to be exploitable.
CAN-2005-0753
.
@@ -149,7 +149,7 @@
015: RELIABILITY FIX: April 4, 2005
All architectures
Handle an edge condition in
-tcp(4)
+tcp(4)
timestamps.
@@ -160,12 +160,12 @@
014: SECURITY FIX: March 30, 2005
All architectures
Due to buffer overflows in
-telnet(1),
+telnet(1),
a malicious server or man-in-the-middle attack could allow execution of
arbitrary code with the privileges of the user invoking
-telnet(1).
+telnet(1).
Noone should use telnet anymore. Please use
-ssh(1).
+ssh(1).
A source code patch exists which remedies this problem.
@@ -175,7 +175,7 @@
013: RELIABILITY FIX: March 30, 2005
All architectures
Bugs in the
-tcp(4)
+tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
invalid SACK options and cause a system crash.
@@ -187,7 +187,7 @@
012: SECURITY FIX: March 16, 2005
amd64 only
More stringent checking should be done in the
-copy(9)
+copy(9)
functions to prevent their misuse.
@@ -198,7 +198,7 @@
011: SECURITY FIX: February 28, 2005
i386 only
More stringent checking should be done in the
-copy(9)
+copy(9)
functions to prevent their misuse.
@@ -209,7 +209,7 @@
010: RELIABILITY FIX: January 11, 2005
All architectures
A bug in the
-tcp(4)
+tcp(4)
stack allows an invalid argument to be used in calculating the TCP
retransmit timeout. By sending packets with specific values in the TCP
timestamp option, an attacker can cause a system panic.
@@ -221,7 +221,7 @@