===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata39.html,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- www/errata39.html 2014/03/31 03:12:47 1.43
+++ www/errata39.html 2014/03/31 16:02:48 1.44
@@ -79,14 +79,16 @@
-
-023: STABILITY FIX: April 26, 2007 PowerPC
+023: STABILITY FIX: April 26, 2007
+ PowerPC
An unhandled AltiVec assist exception can cause a kernel panic.
A source code patch exists which remedies this problem.
-
-022: SECURITY FIX: April 23, 2007 All architectures
+022: SECURITY FIX: April 23, 2007
+ All architectures
IPv6 type 0 route headers can be used to mount a DoS attack against
hosts and networks. This is a design flaw in IPv6 and not a bug in
OpenBSD.
@@ -95,7 +97,8 @@
-
-021: SECURITY FIX: April 4, 2007 All architectures
+021: SECURITY FIX: April 4, 2007
+ All architectures
Multiple vulnerabilities have been discovered in X.Org.
XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability,
BDFFont parsing integer overflow vulnerability,
@@ -112,7 +115,8 @@
-
-020: SECURITY FIX: March 7, 2007 All architectures
+020: SECURITY FIX: March 7, 2007
+ All architectures
2nd revision, March 17, 2007
Incorrect mbuf handling for ICMP6 packets.
Using
@@ -126,7 +130,8 @@
-
-019: INTEROPERABILITY FIX: February 4, 2007 All architectures
+019: INTEROPERABILITY FIX: February 4, 2007
+ All architectures
A US daylight saving time rules change takes effect in 2007.
@@ -134,7 +139,8 @@
-
-018: RELIABILITY FIX: January 16, 2007 All architectures
+018: RELIABILITY FIX: January 16, 2007
+ All architectures
Under some circumstances, processing an ICMP6 echo request would cause
the kernel to enter an infinite loop.
@@ -158,7 +164,8 @@
-
-016: SECURITY FIX: November 19, 2006 All architectures
+016: SECURITY FIX: November 19, 2006
+ All architectures
The ELF
ld.so(1)
fails to properly sanitize the environment. There is a potential localhost security
@@ -170,7 +177,8 @@
-
-015: SECURITY FIX: October 12, 2006 All architectures
+015: SECURITY FIX: October 12, 2006
+ All architectures
Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
by Tavis Ormandy) that would cause
sshd(8)
@@ -185,7 +193,8 @@
-
-014: SECURITY FIX: October 7, 2006 All architectures
+014: SECURITY FIX: October 7, 2006
+ All architectures
Fix for an integer overflow in
systrace(4)'s
STRIOCREPLACE support, found by
@@ -197,7 +206,8 @@
-
-013: SECURITY FIX: October 7, 2006 All architectures
+013: SECURITY FIX: October 7, 2006
+ All architectures
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
structures an error condition is mishandled, possibly resulting in an infinite
loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
@@ -214,7 +224,8 @@
-
-012: SECURITY FIX: October 7, 2006 All architectures
+012: SECURITY FIX: October 7, 2006
+ All architectures
httpd(8)
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
@@ -226,7 +237,8 @@
-
-011: SECURITY FIX: September 8, 2006 All architectures
+011: SECURITY FIX: September 8, 2006
+ All architectures
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
an attacker to construct an invalid signature which OpenSSL would accept as a
valid PKCS#1 v1.5 signature.
@@ -237,7 +249,8 @@
-
-010: SECURITY FIX: September 8, 2006 All architectures
+010: SECURITY FIX: September 8, 2006
+ All architectures
Two Denial of Service issues have been found with BIND.
An attacker who can perform recursive lookups on a DNS server and is able
to send a sufficiently large number of recursive queries, or is able to
@@ -253,7 +266,8 @@
-
-009: SECURITY FIX: September 2, 2006 All architectures
+009: SECURITY FIX: September 2, 2006
+ All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
sppp(4)
@@ -265,7 +279,8 @@
-
-008: SECURITY FIX: August 25, 2006 All architectures
+008: SECURITY FIX: August 25, 2006
+ All architectures
A problem in
isakmpd(8)
caused IPsec to run partly without replay protection. If
@@ -279,7 +294,8 @@
-
-007: SECURITY FIX: August 25, 2006 All architectures
+007: SECURITY FIX: August 25, 2006
+ All architectures
It is possible to cause the kernel to panic when more than the default number of
sempahores have been allocated.
@@ -288,7 +304,8 @@
-
-006: SECURITY FIX: August 25, 2006 All architectures
+006: SECURITY FIX: August 25, 2006
+ All architectures
Due to an off-by-one error in
dhcpd(8),
it is possible to cause
@@ -301,7 +318,8 @@
-
-005: SECURITY FIX: August 25, 2006 All architectures
+005: SECURITY FIX: August 25, 2006
+ All architectures
A potential denial of service problem has been found in sendmail. A message
with really long header lines could trigger a use-after-free bug causing
sendmail to crash.
@@ -311,7 +329,8 @@
-
-004: SECURITY FIX: July 30, 2006 All architectures
+004: SECURITY FIX: July 30, 2006
+ All architectures
httpd(8)'s
mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
@@ -324,7 +343,8 @@
-
-003: SECURITY FIX: June 15, 2006 All architectures
+003: SECURITY FIX: June 15, 2006
+ All architectures
A potential denial of service problem has been found in sendmail. A malformed MIME
message could trigger excessive recursion which will lead to stack exhaustion.
This denial of service attack only affects delivery of mail from the queue and
@@ -337,7 +357,8 @@
-
-002: SECURITY FIX: May 2, 2006 All architectures
+002: SECURITY FIX: May 2, 2006
+ All architectures
A security vulnerability has been found in the X.Org server --
CVE-2006-1526.
Clients authorized to connect to the X server are able to crash it and to execute
@@ -348,7 +369,8 @@
-
-001: SECURITY FIX: March 25, 2006 All architectures
+001: SECURITY FIX: March 25, 2006
+ All architectures
A race condition has been reported to exist in the handling by sendmail of
asynchronous signals. A remote attacker may be able to execute arbitrary code with the
privileges of the user running sendmail, typically root. This is the second revision of