===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata40.html,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- www/errata40.html 2016/03/21 05:46:20 1.52
+++ www/errata40.html 2016/03/22 10:54:42 1.53
@@ -162,7 +162,7 @@
2nd revision, March 17, 2007
Incorrect mbuf handling for ICMP6 packets.
Using
-pf(4)
+pf(4)
to avoid the problem packets is an effective workaround until the patch
can be installed.
Use "block in inet6" in /etc/pf.conf
@@ -194,7 +194,7 @@
007: SECURITY FIX: January 3, 2007
i386 only
Insufficient validation in
-vga(4)
+vga(4)
may allow an attacker to gain root privileges if the kernel is compiled with
option PCIAGP
and the actual device is not an AGP device.
@@ -225,7 +225,7 @@
005: SECURITY FIX: November 19, 2006
All architectures
The ELF
-ld.so(1)
+ld.so(1)
fails to properly sanitize the environment. There is a potential localhost security
problem in cases we have not found yet. This patch applies to all ELF-based
systems (m68k, m88k, and vax are a.out-based systems).
@@ -238,7 +238,7 @@
004: RELIABILITY FIX: November 7, 2006
All architectures
Due to a bug in the
-arc(4)
+arc(4)
RAID driver the driver will not properly synchronize the cache to the logical volumes
upon system shut down. The result being that the mounted file systems within the logical
volumes will not be properly marked as being clean and fsck will be run for the subsequent
@@ -252,7 +252,7 @@
003: SECURITY FIX: November 4, 2006
All architectures
Fix for an integer overflow in
-systrace(4)'s
+systrace(4)'s
STRIOCREPLACE support, found by
Chris Evans. This could be exploited for DoS, limited kmem reads or local
privilege escalation.
@@ -283,7 +283,7 @@
001: SECURITY FIX: November 4, 2006
All architectures
-httpd(8)
+httpd(8)
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
style attacks.