===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v
retrieving revision 1.67
retrieving revision 1.68
diff -c -r1.67 -r1.68
*** www/errata37.html 2019/05/27 22:55:19 1.67
--- www/errata37.html 2019/05/28 16:32:42 1.68
***************
*** 85,162 ****
! -
! 013: SECURITY FIX: May 2, 2006
All architectures
! A security vulnerability has been found in the X.Org server –
! CVE-2006-1526.
! Clients authorized to connect to the X server are able to crash it and to execute
! malicious code within the X server.
!
A source code patch exists which remedies this problem.
!
-
! 012: SECURITY FIX: March 25, 2006
All architectures
! A race condition has been reported to exist in the handling by sendmail of
! asynchronous signals. A remote attacker may be able to execute arbitrary code with the
! privileges of the user running sendmail, typically root.
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: February 12, 2006
All architectures
! Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
! system(3)
! function in
! scp(1)
! when performing copy operations using filenames that are supplied by the user from the command line.
! This can be exploited to execute shell commands with privileges of the user running
! scp(1).
!
A source code patch exists which remedies this problem.
!
-
! 010: RELIABILITY FIX: January 13, 2006
! i386 architecture
! Constrain
! i386_set_ioperm(2)
! so even root is blocked from accessing the ioports
! unless the machine is running at lower securelevels or with an open X11 aperture.
!
A source code patch exists which remedies this problem.
!
-
! 009: RELIABILITY FIX: January 13, 2006
! i386 architecture
! Change the implementation of i386 W^X so that the "execute line" can move around.
! Before it was limited to being either at 512MB (below which all code normally
! lands) or at the top of the stack. Now the line can float as
! mprotect(2)
! and
! mmap(2)
! requests need it to. This is now implemented using only GDT selectors
! instead of the LDT so that it is more robust as well.
!
A source code patch exists which remedies this problem.
!
-
! 008: SECURITY FIX: January 5, 2006
All architectures
! Do not allow users to trick suid programs into re-opening files via /dev/fd.
!
A source code patch exists which remedies this problem.
--- 85,161 ----
! -
! 001: SECURITY FIX: June 7, 2005
All architectures
!
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
! . None of these issues are known to be exploitable.
! CAN-2005-0753
! .
!
A source code patch exists which remedies this problem.
!
-
! 002: RELIABILITY FIX: June 15, 2005
All architectures
! As discovered by Stefan Miltchev calling
! getsockopt(2)
! to get
! ipsec(4)
! credentials for a socket can result in a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 003: SECURITY FIX: June 20, 2005
All architectures
! Due to a race condition in its command pathname handling, a user with
! sudo(8)
! privileges may be able to run arbitrary commands if the user's entry
! is followed by an entry that grants sudo ALL
privileges to
! another user.
!
A source code patch exists which remedies this problem.
!
-
! 004: SECURITY FIX: July 6, 2005
! All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
!
A source code patch exists which remedies this problem.
!
-
! 005: SECURITY FIX: July 21, 2005
! All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
! Please note that this fixes a different buffer overflow than the previous zlib patch.
!
A source code patch exists which remedies this problem.
!
-
! 006: RELIABILITY FIX: November 5, 2005
All architectures
! Due to wrong advertisement of RFC 3947 compliance interoperability problems with
! isakmpd(8)
! may occur.
!
A source code patch exists which remedies this problem.
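Review bot: In the new 85,161 block, entries 004 and 005 open with the same sentence ("A buffer overflow has been found in compress(3) which may be exploitable."), and zlib is named only in the last line of 005. Now that the entries read in ascending order, consider naming zlib in 004 as well, so that "the previous zlib patch" in 005 has a visible referent directly above it. Entry 001 also keeps the older CAN-2005-0753 form while entry 013 uses CVE-2006-1526; if the identifier text is touched in a follow-up, using the CVE- prefix for both would make the page consistent.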
***************
*** 170,246 ****
A source code patch exists which remedies this problem.
!
-
! 006: RELIABILITY FIX: November 5, 2005
All architectures
! Due to wrong advertisement of RFC 3947 compliance interoperability problems with
! isakmpd(8)
! may occur.
!
A source code patch exists which remedies this problem.
!
-
! 005: SECURITY FIX: July 21, 2005
! All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
! Please note that this fixes a different buffer overflow than the previous zlib patch.
!
A source code patch exists which remedies this problem.
!
-
! 004: SECURITY FIX: July 6, 2005
! All architectures
! A buffer overflow has been found in
! compress(3)
! which may be exploitable.
!
A source code patch exists which remedies this problem.
!
-
! 003: SECURITY FIX: June 20, 2005
All architectures
! Due to a race condition in its command pathname handling, a user with
! sudo(8)
! privileges may be able to run arbitrary commands if the user's entry
! is followed by an entry that grants sudo ALL
privileges to
! another user.
!
A source code patch exists which remedies this problem.
!
-
! 002: RELIABILITY FIX: June 15, 2005
All architectures
! As discovered by Stefan Miltchev calling
! getsockopt(2)
! to get
! ipsec(4)
! credentials for a socket can result in a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 001: SECURITY FIX: June 7, 2005
All architectures
!
! Fix a buffer overflow, memory leaks, and NULL pointer dereference in
! cvs(1)
! . None of these issues are known to be exploitable.
! CAN-2005-0753
! .
!
A source code patch exists which remedies this problem.
--- 169,246 ----
A source code patch exists which remedies this problem.
!
-
! 008: SECURITY FIX: January 5, 2006
All architectures
! Do not allow users to trick suid programs into re-opening files via /dev/fd.
!
A source code patch exists which remedies this problem.
!
-
! 009: RELIABILITY FIX: January 13, 2006
! i386 architecture
! Change the implementation of i386 W^X so that the "execute line" can move around.
! Before it was limited to being either at 512MB (below which all code normally
! lands) or at the top of the stack. Now the line can float as
! mprotect(2)
! and
! mmap(2)
! requests need it to. This is now implemented using only GDT selectors
! instead of the LDT so that it is more robust as well.
!
A source code patch exists which remedies this problem.
!
-
! 010: RELIABILITY FIX: January 13, 2006
! i386 architecture
! Constrain
! i386_set_ioperm(2)
! so even root is blocked from accessing the ioports
! unless the machine is running at lower securelevels or with an open X11 aperture.
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: February 12, 2006
All architectures
! Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
! system(3)
! function in
! scp(1)
! when performing copy operations using filenames that are supplied by the user from the command line.
! This can be exploited to execute shell commands with privileges of the user running
! scp(1).
!
A source code patch exists which remedies this problem.
!
-
! 012: SECURITY FIX: March 25, 2006
All architectures
! A race condition has been reported to exist in the handling by sendmail of
! asynchronous signals. A remote attacker may be able to execute arbitrary code with the
! privileges of the user running sendmail, typically root.
!
A source code patch exists which remedies this problem.
!
-
! 013: SECURITY FIX: May 2, 2006
All architectures
! A security vulnerability has been found in the X.Org server –
! CVE-2006-1526.
! Clients authorized to connect to the X server are able to crash it and to execute
! malicious code within the X server.
!
A source code patch exists which remedies this problem.
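Review bot: Nearly every line of the new 169,246 block is marked changed because entries 008-013 moved here as a unit, and that hides any accidental text edit inside the move. The visible text of 008-013 matches the removed 85,162 side, and the line counts balance across the two hunks (78 to 77 in the first, 77 to 78 here), so this reads as a pure reorder around the untouched 007 entry; it is still worth confirming that against the underlying HTML, since the markup is not shown. As a wording nit in entry 011, "caused due to the insecure use of the system(3) function" would read better as "caused by".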