===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- www/errata37.html 2014/03/31 03:12:47 1.40
+++ www/errata37.html 2014/03/31 16:02:48 1.41
@@ -79,7 +79,8 @@
-
-013: SECURITY FIX: May 2, 2006 All architectures
+013: SECURITY FIX: May 2, 2006
+ All architectures
A security vulnerability has been found in the X.Org server --
CVE-2006-1526.
Clients authorized to connect to the X server are able to crash it and to execute
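Review bot: the added line " All architectures" in this hunk separates the architecture from "May 2, 2006" only by a source newline and a leading space, and HTML collapses that whitespace when rendering, so unless the markup around these lines (not visible in this diff) supplies the break, the heading will display exactly as it did in 1.40. If a visible line break is the goal, confirm the enclosing element provides it; the same check applies to every later hunk, since each repeats this split. No log message is visible with this revision, so a one-line statement of intent would help whoever applies the same change to the other errata pages.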
@@ -90,7 +91,8 @@
-
-012: SECURITY FIX: March 25, 2006 All architectures
+012: SECURITY FIX: March 25, 2006
+ All architectures
A race condition has been reported to exist in the handling by sendmail of
asynchronous signals. A remote attacker may be able to execute arbitrary code with the
privileges of the user running sendmail, typically root.
@@ -100,7 +102,8 @@
-
-011: SECURITY FIX: February 12, 2006 All architectures
+011: SECURITY FIX: February 12, 2006
+ All architectures
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
system(3)
function in
@@ -114,7 +117,8 @@
-
-010: RELIABILITY FIX: January 13, 2006 i386 architecture
+010: RELIABILITY FIX: January 13, 2006
+ i386 architecture
Constrain
i386_set_ioperm(2)
so even root is blocked from accessing the ioports
@@ -125,7 +129,8 @@
-
-009: RELIABILITY FIX: January 13, 2006 i386 architecture
+009: RELIABILITY FIX: January 13, 2006
+ i386 architecture
Change the implementation of i386 W^X so that the "execute line" can move around.
Before it was limited to being either at 512MB (below which all code normally
lands) or at the top of the stack. Now the line can float as
@@ -140,7 +145,8 @@
-
-008: SECURITY FIX: January 5, 2006 All architectures
+008: SECURITY FIX: January 5, 2006
+ All architectures
Do not allow users to trick suid programs into re-opening files via /dev/fd.
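Review bot: the description under the 008 heading, "Do not allow users to trick suid programs into re-opening files via /dev/fd.", is written as an imperative commit summary rather than a statement of the problem, unlike 013, 012 and 007, which say what was found. Since this revision already touches the entry, consider rewording it to describe the issue in the same form as those entries; the context lines under 010, 009 and 001 ("Constrain", "Change the implementation", "Fix a buffer overflow") have the same style.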
@@ -148,7 +154,8 @@
-
-007: SECURITY FIX: January 5, 2006 All architectures
+007: SECURITY FIX: January 5, 2006
+ All architectures
A buffer overflow has been found in the Perl interpreter with the sprintf function which
may be exploitable under certain conditions.
@@ -157,7 +164,8 @@
-
-006: RELIABILITY FIX: November 5, 2005 All architectures
+006: RELIABILITY FIX: November 5, 2005
+ All architectures
Due to wrong advertisement of RFC 3947 compliance interoperability problems with
isakmpd(8)
may occur.
@@ -167,7 +175,8 @@
-
-005: SECURITY FIX: July 21, 2005 All architectures
+005: SECURITY FIX: July 21, 2005
+ All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
@@ -178,7 +187,8 @@
-
-004: SECURITY FIX: July 6, 2005 All architectures
+004: SECURITY FIX: July 6, 2005
+ All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
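Review bot: the context under the 004 heading ("A buffer overflow has been found in compress(3) which may be exploitable.") is word for word the text under 005, dated July 21, 2005, in the previous hunk, so a reader cannot tell from these lines whether 005 is a second overflow or a revised fix for this one. If the text that follows this context does not already distinguish the two, add a sentence to one entry saying how it relates to the other.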
@@ -188,7 +198,8 @@
-
-003: SECURITY FIX: June 20, 2005 All architectures
+003: SECURITY FIX: June 20, 2005
+ All architectures
Due to a race condition in its command pathname handling, a user with
sudo(8)
privileges may be able to run arbitrary commands if the user's entry
@@ -200,7 +211,8 @@
-
-002: RELIABILITY FIX: June 15, 2005 All architectures
+002: RELIABILITY FIX: June 15, 2005
+ All architectures
As discovered by Stefan Miltchev calling
getsockopt(2)
to get
@@ -212,7 +224,8 @@
-
-001: SECURITY FIX: June 7, 2005 All architectures
+001: SECURITY FIX: June 7, 2005
+ All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)