===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata41.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -c -r1.63 -r1.64
*** www/errata41.html 2019/05/27 22:55:20 1.63
--- www/errata41.html 2019/05/28 16:32:42 1.64
***************
*** 85,174 ****
! -
! 016: SECURITY FIX: April 3, 2008
All architectures
! Avoid possible hijacking of X11-forwarded connections with sshd(8)
! by refusing to listen on a port unless all address families bind
! successfully.
!
A source code patch exists which remedies this problem.
!
-
! 015: SECURITY FIX: March 30, 2008
All architectures
! sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
! directive was in effect, allowing users with write access to this file to
! execute arbitrary commands. This behaviour was documented, but was an unsafe
! default and an extra hassle for administrators.
!
A source code patch exists which remedies this problem.
!
-
! 014: SECURITY FIX: March 7, 2008
All architectures
! Buffer overflow in ppp command prompt parsing.
!
A source code patch exists which remedies this problem.
!
-
! 013: RELIABILITY FIX: February 22, 2008
All architectures
- Incorrect assumptions in tcp_respond can lead to a kernel panic.
-
- A source code patch exists which remedies this problem.
-
-
-
-
- 012: SECURITY FIX: February 8, 2008
- All architectures
- 2nd revision, February 10, 2008
Multiple vulnerabilities have been discovered in X.Org.
! XFree86 Misc extension out of bounds array index,
! File existence disclosure,
! Xinput extension memory corruption,
! TOG-cup extension memory corruption,
! MIT-SHM and EVI extensions integer overflows,
! PCF Font parser buffer overflow.
! CVE-2007-5760,
! CVE-2007-5958,
! CVE-2007-6427,
! CVE-2007-6428,
! CVE-2007-6429,
! CVE-2008-0006.
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: October 10, 2007
All architectures
! The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.
!
!
A source code patch exists which remedies this problem.
!
-
! 010: SECURITY FIX: October 8, 2007
! All architectures
! Malicious DHCP clients could cause dhcpd(8) to corrupt its stack
! A DHCP client that claimed to require a maximum message size less than
! the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.
!
!
A source code patch exists which remedies this problem.
!
-
! 009: SECURITY FIX: July 9, 2007
! All Architectures
! Fix possible heap overflow in file(1), aka CVE-2007-1536.
!
A source code patch exists which remedies this problem.
--- 85,162 ----
! -
! 001: SECURITY FIX: April 27, 2007
All architectures
! Incorrect mbuf handling for ICMP6 packets.
! Using
! pf(4)
! to avoid the problem packets is an effective workaround until the patch
! can be installed.
! Use "block in inet6" in /etc/pf.conf
!
!
A source code patch exists which remedies this problem.
!
-
! 002: STABILITY FIX: April 27, 2007
All architectures
! Incorrect spl level can lead to panics under heavy kqueue usage.
!
A source code patch exists which remedies this problem.
!
-
! 003: RELIABILITY FIX: April 27, 2007
All architectures
! Bugs found in the spamd sychronization mechanism could cause corrupted
! databases.
!
A source code patch exists which remedies this problem.
!
-
! 004: SECURITY FIX: April 27, 2007
All architectures
Multiple vulnerabilities have been discovered in X.Org.
! XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability,
! BDFFont parsing integer overflow vulnerability,
! fonts.dir file parsing integer overflow vulnerability,
! multiple integer overflows in the XGetPixel() and XInitImage functions
! in ImUtil.c.
! CVE-2007-1003,
! CVE-2007-1351,
! CVE-2007-1352,
! CVE-2007-1667.
!
A source code patch exists which remedies this problem.
!
-
! 005: SECURITY FIX: April 27, 2007
All architectures
! IPv6 type 0 route headers can be used to mount a DoS attack against
! hosts and networks. This is a design flaw in IPv6 and not a bug in
! OpenBSD.
!
A source code patch exists which remedies this problem.
!
-
! 006: STABILITY FIX: April 27, 2007
! PowerPC
! An unhandled AltiVec assist exception can cause a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 007: RELIABILITY FIX: April 30, 2007
! All architectures
! Link state is not correctly tracked in ospfd and ripd.
!
A source code patch exists which remedies this problem.
***************
*** 180,257 ****
A source code patch exists which remedies this problem.
!
-
! 007: RELIABILITY FIX: April 30, 2007
! All architectures
! Link state is not correctly tracked in ospfd and ripd.
!
A source code patch exists which remedies this problem.
!
-
! 006: STABILITY FIX: April 27, 2007
! PowerPC
! An unhandled AltiVec assist exception can cause a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 005: SECURITY FIX: April 27, 2007
All architectures
! IPv6 type 0 route headers can be used to mount a DoS attack against
! hosts and networks. This is a design flaw in IPv6 and not a bug in
! OpenBSD.
!
A source code patch exists which remedies this problem.
!
-
! 004: SECURITY FIX: April 27, 2007
All architectures
Multiple vulnerabilities have been discovered in X.Org.
! XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability,
! BDFFont parsing integer overflow vulnerability,
! fonts.dir file parsing integer overflow vulnerability,
! multiple integer overflows in the XGetPixel() and XInitImage functions
! in ImUtil.c.
! CVE-2007-1003,
! CVE-2007-1351,
! CVE-2007-1352,
! CVE-2007-1667.
!
A source code patch exists which remedies this problem.
!
-
! 003: RELIABILITY FIX: April 27, 2007
All architectures
! Bugs found in the spamd sychronization mechanism could cause corrupted
! databases.
!
A source code patch exists which remedies this problem.
!
-
! 002: STABILITY FIX: April 27, 2007
All architectures
! Incorrect spl level can lead to panics under heavy kqueue usage.
!
A source code patch exists which remedies this problem.
!
-
! 001: SECURITY FIX: April 27, 2007
All architectures
! Incorrect mbuf handling for ICMP6 packets.
! Using
! pf(4)
! to avoid the problem packets is an effective workaround until the patch
! can be installed.
! Use "block in inet6" in /etc/pf.conf
!
!
A source code patch exists which remedies this problem.
--- 168,257 ----
A source code patch exists which remedies this problem.
!
-
! 009: SECURITY FIX: July 9, 2007
! All Architectures
! Fix possible heap overflow in file(1), aka CVE-2007-1536.
!
A source code patch exists which remedies this problem.
!
-
! 010: SECURITY FIX: October 8, 2007
! All architectures
! Malicious DHCP clients could cause dhcpd(8) to corrupt its stack
! A DHCP client that claimed to require a maximum message size less than
! the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.
!
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: October 10, 2007
All architectures
! The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.
!
!
A source code patch exists which remedies this problem.
!
-
! 012: SECURITY FIX: February 8, 2008
All architectures
+ 2nd revision, February 10, 2008
Multiple vulnerabilities have been discovered in X.Org.
! XFree86 Misc extension out of bounds array index,
! File existence disclosure,
! Xinput extension memory corruption,
! TOG-cup extension memory corruption,
! MIT-SHM and EVI extensions integer overflows,
! PCF Font parser buffer overflow.
! CVE-2007-5760,
! CVE-2007-5958,
! CVE-2007-6427,
! CVE-2007-6428,
! CVE-2007-6429,
! CVE-2008-0006.
!
A source code patch exists which remedies this problem.
!
-
! 013: RELIABILITY FIX: February 22, 2008
All architectures
! Incorrect assumptions in tcp_respond can lead to a kernel panic.
!
A source code patch exists which remedies this problem.
!
-
! 014: SECURITY FIX: March 7, 2008
All architectures
! Buffer overflow in ppp command prompt parsing.
!
A source code patch exists which remedies this problem.
!
-
! 015: SECURITY FIX: March 30, 2008
All architectures
! sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
! directive was in effect, allowing users with write access to this file to
! execute arbitrary commands. This behaviour was documented, but was an unsafe
! default and an extra hassle for administrators.
!
! A source code patch exists which remedies this problem.
!
!
!
-
! 016: SECURITY FIX: April 3, 2008
! All architectures
! Avoid possible hijacking of X11-forwarded connections with sshd(8)
! by refusing to listen on a port unless all address families bind
! successfully.
!
A source code patch exists which remedies this problem.