=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v retrieving revision 1.67 retrieving revision 1.68 diff -c -r1.67 -r1.68 *** www/errata37.html 2019/05/27 22:55:19 1.67 --- www/errata37.html 2019/05/28 16:32:42 1.68 *************** *** 85,162 ****

! 013: SECURITY FIX: May 2, 2006 All architectures
! A security vulnerability has been found in the X.Org server – ! CVE-2006-1526. ! Clients authorized to connect to the X server are able to crash it and to execute ! malicious code within the X server.
! A source code patch exists which remedies this problem.
!
! 012: SECURITY FIX: March 25, 2006 All architectures
! A race condition has been reported to exist in the handling by sendmail of ! asynchronous signals. A remote attacker may be able to execute arbitrary code with the ! privileges of the user running sendmail, typically root.
! A source code patch exists which remedies this problem.
!
! 011: SECURITY FIX: February 12, 2006 All architectures
! Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the ! system(3) ! function in ! scp(1) ! when performing copy operations using filenames that are supplied by the user from the command line. ! This can be exploited to execute shell commands with privileges of the user running ! scp(1).
! A source code patch exists which remedies this problem.
!
! 010: RELIABILITY FIX: January 13, 2006 ! i386 architecture
! Constrain ! i386_set_ioperm(2) ! so even root is blocked from accessing the ioports ! unless the machine is running at lower securelevels or with an open X11 aperture.
! A source code patch exists which remedies this problem.
!
! 009: RELIABILITY FIX: January 13, 2006 ! i386 architecture
! Change the implementation of i386 W^X so that the "execute line" can move around. ! Before it was limited to being either at 512MB (below which all code normally ! lands) or at the top of the stack. Now the line can float as ! mprotect(2) ! and ! mmap(2) ! requests need it to. This is now implemented using only GDT selectors ! instead of the LDT so that it is more robust as well.
! A source code patch exists which remedies this problem.
!
! 008: SECURITY FIX: January 5, 2006 All architectures
! Do not allow users to trick suid programs into re-opening files via /dev/fd.
! A source code patch exists which remedies this problem.
--- 85,161 ----
- ! 001: SECURITY FIX: June 7, 2005 All architectures
  ! ! Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) ! . None of these issues are known to be exploitable. ! CAN-2005-0753 ! .
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: June 15, 2005 All architectures
  ! As discovered by Stefan Miltchev calling ! getsockopt(2) ! to get ! ipsec(4) ! credentials for a socket can result in a kernel panic.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: SECURITY FIX: June 20, 2005 All architectures
  ! Due to a race condition in its command pathname handling, a user with ! sudo(8) ! privileges may be able to run arbitrary commands if the user's entry ! is followed by an entry that grants sudo ALL privileges to ! another user.
  ! A source code patch exists which remedies this problem.
  !
- ! 004: SECURITY FIX: July 6, 2005 ! All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! A source code patch exists which remedies this problem.
  !
- ! 005: SECURITY FIX: July 21, 2005 ! All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! Please note that this fixes a different buffer overflow than the previous zlib patch.
  ! A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: November 5, 2005 All architectures
  ! Due to wrong advertisement of RFC 3947 compliance interoperability problems with ! isakmpd(8) ! may occur.
  ! A source code patch exists which remedies this problem.
  *************** *** 170,246 **** A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: November 5, 2005 All architectures
  ! Due to wrong advertisement of RFC 3947 compliance interoperability problems with ! isakmpd(8) ! may occur.
  ! A source code patch exists which remedies this problem.
  !
- ! 005: SECURITY FIX: July 21, 2005 ! All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! Please note that this fixes a different buffer overflow than the previous zlib patch.
  ! A source code patch exists which remedies this problem.
  !
- ! 004: SECURITY FIX: July 6, 2005 ! All architectures
  ! A buffer overflow has been found in ! compress(3) ! which may be exploitable.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: SECURITY FIX: June 20, 2005 All architectures
  ! Due to a race condition in its command pathname handling, a user with ! sudo(8) ! privileges may be able to run arbitrary commands if the user's entry ! is followed by an entry that grants sudo ALL privileges to ! another user.
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: June 15, 2005 All architectures
  ! As discovered by Stefan Miltchev calling ! getsockopt(2) ! to get ! ipsec(4) ! credentials for a socket can result in a kernel panic.
  ! A source code patch exists which remedies this problem.
  !
- ! 001: SECURITY FIX: June 7, 2005 All architectures
  ! ! Fix a buffer overflow, memory leaks, and NULL pointer dereference in ! cvs(1) ! . None of these issues are known to be exploitable. ! CAN-2005-0753 ! .
  ! A source code patch exists which remedies this problem.
  --- 169,246 ---- A source code patch exists which remedies this problem.
  !
- ! 008: SECURITY FIX: January 5, 2006 All architectures
  ! Do not allow users to trick suid programs into re-opening files via /dev/fd.
  ! A source code patch exists which remedies this problem.
  !
- ! 009: RELIABILITY FIX: January 13, 2006 ! i386 architecture
  ! Change the implementation of i386 W^X so that the "execute line" can move around. ! Before it was limited to being either at 512MB (below which all code normally ! lands) or at the top of the stack. Now the line can float as ! mprotect(2) ! and ! mmap(2) ! requests need it to. This is now implemented using only GDT selectors ! instead of the LDT so that it is more robust as well.
  ! A source code patch exists which remedies this problem.
  !
- ! 010: RELIABILITY FIX: January 13, 2006 ! i386 architecture
  ! Constrain ! i386_set_ioperm(2) ! so even root is blocked from accessing the ioports ! unless the machine is running at lower securelevels or with an open X11 aperture.
  ! A source code patch exists which remedies this problem.
  !
- ! 011: SECURITY FIX: February 12, 2006 All architectures
  ! Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the ! system(3) ! function in ! scp(1) ! when performing copy operations using filenames that are supplied by the user from the command line. ! This can be exploited to execute shell commands with privileges of the user running ! scp(1).
  ! A source code patch exists which remedies this problem.
  !
- ! 012: SECURITY FIX: March 25, 2006 All architectures
  ! A race condition has been reported to exist in the handling by sendmail of ! asynchronous signals. A remote attacker may be able to execute arbitrary code with the ! privileges of the user running sendmail, typically root.
  ! A source code patch exists which remedies this problem.
  !
- ! 013: SECURITY FIX: May 2, 2006 All architectures
  ! A security vulnerability has been found in the X.Org server – ! CVE-2006-1526. ! Clients authorized to connect to the X server are able to crash it and to execute ! malicious code within the X server.
  ! A source code patch exists which remedies this problem.