===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- www/errata38.html 2014/03/31 03:12:47 1.44
+++ www/errata38.html 2014/03/31 16:02:48 1.45
@@ -79,7 +79,8 @@
-
-020: SECURITY FIX: October 12, 2006 All architectures
+020: SECURITY FIX: October 12, 2006
+ All architectures
Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
by Tavis Ormandy) that would cause
sshd(8)
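Review bot: The added `All architectures` line in the 020 heading is now a separate, indented line, and nothing visible in the hunk separates it from `October 12, 2006` on the line above. Check the rendered page to confirm that the date and the architecture label do not run together. The same split is repeated for every entry down to 001, so one pass over the rendered page covers all of them.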
@@ -94,7 +95,8 @@
-
-019: SECURITY FIX: October 7, 2006 All architectures
+019: SECURITY FIX: October 7, 2006
+ All architectures
Fix for an integer overflow in
systrace(4)'s
STRIOCREPLACE support, found by
@@ -106,7 +108,8 @@
-
-018: SECURITY FIX: October 7, 2006 All architectures
+018: SECURITY FIX: October 7, 2006
+ All architectures
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
structures an error condition is mishandled, possibly resulting in an infinite
loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
@@ -123,7 +126,8 @@
-
-017: SECURITY FIX: October 7, 2006 All architectures
+017: SECURITY FIX: October 7, 2006
+ All architectures
httpd(8)
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
@@ -135,7 +139,8 @@
-
-016: SECURITY FIX: September 8, 2006 All architectures
+016: SECURITY FIX: September 8, 2006
+ All architectures
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
an attacker to construct an invalid signature which OpenSSL would accept as a
valid PKCS#1 v1.5 signature.
@@ -146,7 +151,8 @@
-
-015: SECURITY FIX: September 8, 2006 All architectures
+015: SECURITY FIX: September 8, 2006
+ All architectures
Two Denial of Service issues have been found with BIND.
An attacker who can perform recursive lookups on a DNS server and is able
to send a sufficiently large number of recursive queries, or is able to
@@ -162,7 +168,8 @@
-
-014: SECURITY FIX: September 2, 2006 All architectures
+014: SECURITY FIX: September 2, 2006
+ All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
sppp(4)
@@ -174,7 +181,8 @@
-
-013: SECURITY FIX: August 25, 2006 All architectures
+013: SECURITY FIX: August 25, 2006
+ All architectures
A problem in
isakmpd(8)
caused IPsec to run partly without replay protection. If
@@ -188,7 +196,8 @@
-
-012: SECURITY FIX: August 25, 2006 All architectures
+012: SECURITY FIX: August 25, 2006
+ All architectures
It is possible to cause the kernel to panic when more than the default number of
sempahores have been allocated.
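Review bot: The last context line of the 012 entry spells the word as "sempahores"; since this commit already touches the entry, correct it to "semaphores" in the same change or a follow-up.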
@@ -197,7 +206,8 @@
-
-011: SECURITY FIX: August 25, 2006 All architectures
+011: SECURITY FIX: August 25, 2006
+ All architectures
Due to an off-by-one error in
dhcpd(8),
it is possible to cause
@@ -210,7 +220,8 @@
-
-010: SECURITY FIX: August 25, 2006 All architectures
+010: SECURITY FIX: August 25, 2006
+ All architectures
A potential denial of service problem has been found in sendmail. A message
with really long header lines could trigger a use-after-free bug causing
sendmail to crash.
@@ -220,7 +231,8 @@
-
-009: SECURITY FIX: July 30, 2006 All architectures
+009: SECURITY FIX: July 30, 2006
+ All architectures
httpd(8)'s
mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
@@ -233,7 +245,8 @@
-
-008: SECURITY FIX: June 15, 2006 All architectures
+008: SECURITY FIX: June 15, 2006
+ All architectures
A potential denial of service problem has been found in sendmail. A malformed MIME
message could trigger excessive recursion which will lead to stack exhaustion.
This denial of service attack only affects delivery of mail from the queue and
@@ -246,7 +259,8 @@
-
-007: SECURITY FIX: May 2, 2006 All architectures
+007: SECURITY FIX: May 2, 2006
+ All architectures
A security vulnerability has been found in the X.Org server --
CVE-2006-1526.
Clients authorized to connect to the X server are able to crash it and to execute
@@ -257,7 +271,8 @@
-
-006: SECURITY FIX: March 25, 2006 All architectures
+006: SECURITY FIX: March 25, 2006
+ All architectures
A race condition has been reported to exist in the handling by sendmail of
asynchronous signals. A remote attacker may be able to execute arbitrary code with the
privileges of the user running sendmail, typically root.
@@ -267,7 +282,8 @@
-
-005: SECURITY FIX: February 12, 2006 All architectures
+005: SECURITY FIX: February 12, 2006
+ All architectures
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
system(3)
function in
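Review bot: The first context line of the 005 entry reads "a weakness in OpenSSH caused due to the insecure use of the system(3) function", where "caused due to" is redundant. Suggest "caused by the insecure use of" while the entry is being edited.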
@@ -281,7 +297,8 @@
-
-004: RELIABILITY FIX: January 13, 2006 i386 architecture
+004: RELIABILITY FIX: January 13, 2006
+ i386 architecture
Constrain
i386_set_ioperm(2)
so even root is blocked from accessing the ioports
@@ -292,7 +309,8 @@
-
-003: RELIABILITY FIX: January 13, 2006 i386 architecture
+003: RELIABILITY FIX: January 13, 2006
+ i386 architecture
Change the implementation of i386 W^X so that the "execute line" can move around.
Before it was limited to being either at 512MB (below which all code normally
lands) or at the top of the stack. Now the line can float as
@@ -307,7 +325,8 @@
-
-002: SECURITY FIX: January 5, 2006 All architectures
+002: SECURITY FIX: January 5, 2006
+ All architectures
Do not allow users to trick suid programs into re-opening files via /dev/fd.
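Review bot: The body of the 002 entry, "Do not allow users to trick suid programs into re-opening files via /dev/fd.", is worded as an instruction, not as a description of the problem, unlike entries such as 001 ("A buffer overflow has been found in ..."). Consider rewording it to state what was possible before the fix, so that readers of the errata list can judge their exposure from the entry alone.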
@@ -315,7 +334,8 @@
-
-001: SECURITY FIX: January 5, 2006 All architectures
+001: SECURITY FIX: January 5, 2006
+ All architectures
A buffer overflow has been found in the Perl interpreter with the sprintf function which
may be exploitable under certain conditions.