
Diff for /www/errata42.html between version 1.30 and 1.31

version 1.30, 2010/03/08 21:53:37 version 1.31, 2010/07/08 19:00:07
Line 54 
Line 54 
 <br>  <br>
 <hr>  <hr>
   
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2.tar.gz">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2.tar.gz">
 You can also fetch a tar.gz file containing all the following patches</a>.  You can also fetch a tar.gz file containing all the following patches</a>.
 This file is updated once a day.  This file is updated once a day.
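Review bot: The new href for 4.2.tar.gz is plain http://, so like the ftp:// URL it replaces it gives the reader no way to tell that the downloaded patches are the ones that were published. If the host serves HTTPS, use https:// here; otherwise add a sentence next to this link saying how to verify the tarball, for example against a published checksum or signature. The same point applies to every per-patch link changed in the later hunks.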
   
Line 96 
Line 96 
 this vulnerability to be exploited.  this vulnerability to be exploited.
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/015_ndp.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/015_ndp.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 106 
Line 106 
 was exercised by the named(8) patch for port randomization).  Since INET6 is  was exercised by the named(8) patch for port randomization).  Since INET6 is
 enabled by default, this condition affects all systems.  enabled by default, this condition affects all systems.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/014_pcb.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/014_pcb.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 117 
Line 117 
 to poison the cache of a recursive resolving name server.  to poison the cache of a recursive resolving name server.
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/013_bind.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/013_bind.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 135 
Line 135 
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/012_xorg2.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/012_xorg2.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 144 
Line 144 
 Avoid possible hijacking of X11-forwarded connections with sshd(8)  Avoid possible hijacking of X11-forwarded connections with sshd(8)
 by refusing to listen on a port unless all address families bind  by refusing to listen on a port unless all address families bind
 successfully.<br>  successfully.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/011_openssh2.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/011_openssh2.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 154 
Line 154 
 directive was in effect, allowing users with write access to this file to  directive was in effect, allowing users with write access to this file to
 execute arbitrary commands. This behaviour was documented, but was an unsafe  execute arbitrary commands. This behaviour was documented, but was an unsafe
 default and an extra hassle for administrators.<br>  default and an extra hassle for administrators.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/010_openssh.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/010_openssh.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
 <li><a name="009_ppp"></a>  <li><a name="009_ppp"></a>
 <font color="#009000"><strong>009: SECURITY FIX: March 7, 2008</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>009: SECURITY FIX: March 7, 2008</strong></font> &nbsp; <i>All architectures</i><br>
 Buffer overflow in ppp command prompt parsing.<br>  Buffer overflow in ppp command prompt parsing.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/009_ppp.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/009_ppp.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
 <li><a name="008_ip6rthdr"></a>  <li><a name="008_ip6rthdr"></a>
 <font color="#009000"><strong>008: RELIABILITY FIX: February 25, 2008</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>008: RELIABILITY FIX: February 25, 2008</strong></font> &nbsp; <i>All architectures</i><br>
 Malformed IPv6 routing headers can cause a kernel panic.<br>  Malformed IPv6 routing headers can cause a kernel panic.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/008_ip6rthdr.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/008_ip6rthdr.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
 <li><a name="007_tcprespond"></a>  <li><a name="007_tcprespond"></a>
 <font color="#009000"><strong>007: RELIABILITY FIX: February 22, 2008</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>007: RELIABILITY FIX: February 22, 2008</strong></font> &nbsp; <i>All architectures</i><br>
 Incorrect assumptions in tcp_respond can lead to a kernel panic.<br>  Incorrect assumptions in tcp_respond can lead to a kernel panic.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/007_tcprespond.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/007_tcprespond.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
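Review bot: The four hrefs in this hunk (010_openssh, 009_ppp, 008_ip6rthdr, 007_tcprespond) change only the scheme and keep the host ftp.openbsd.org and the /pub/OpenBSD/patches/4.2/common/ path, so a file missing from the HTTP tree would surface only as a dead link on a security or reliability fix. Request each changed URL once before committing and confirm it returns the patch.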
   
Line 196 
Line 196 
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429">CVE-2007-6429</a>,  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429">CVE-2007-6429</a>,
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006">CVE-2008-0006</a>.  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006">CVE-2008-0006</a>.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/006_xorg.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/006_xorg.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
 <li><a name="005_ifrtlabel"></a>  <li><a name="005_ifrtlabel"></a>
 <font color="#009000"><strong>005: RELIABILITY FIX: January 11, 2008</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>005: RELIABILITY FIX: January 11, 2008</strong></font> &nbsp; <i>All architectures</i><br>
 A missing NULL pointer check can lead to a kernel panic.<br>  A missing NULL pointer check can lead to a kernel panic.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
 <li><a name="004_pf"></a>  <li><a name="004_pf"></a>
 <font color="#009000"><strong>004: RELIABILITY FIX: November 27, 2007</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>004: RELIABILITY FIX: November 27, 2007</strong></font> &nbsp; <i>All architectures</i><br>
 A memory leak in pf can lead to machine lockups.<br>  A memory leak in pf can lead to machine lockups.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/004_pf.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/004_pf.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
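Review bot: After the 004_pf entry that closes this hunk, the diff resumes at Line 237 with 002_openssl, so no 003 patch link is touched by this change even though every other entry from 015 down to 001 is. If a 003 entry with an ftp:// patch link sits between them, convert it in the same commit so the page does not end up with mixed schemes; if its link already differs, a line in the commit message saying so would help.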
   
Line 237 
Line 237 
 <li><a name="002_openssl"></a>  <li><a name="002_openssl"></a>
 <font color="#009000"><strong>002: SECURITY FIX: October 10, 2007</strong></font> &nbsp; <i>All architectures</i><br>  <font color="#009000"><strong>002: SECURITY FIX: October 10, 2007</strong></font> &nbsp; <i>All architectures</i><br>
 The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.<br>  The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.<br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
Line 247 
Line 247 
 A DHCP client that claimed to require a maximum message size less than  A DHCP client that claimed to require a maximum message size less than
 the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.  the minimum IP MTU could cause dhcpd(8) to overwrite stack memory.
 <br>  <br>
 <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/001_dhcpd.patch">  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/001_dhcpd.patch">
 A source code patch exists which remedies this problem</a>.<br>  A source code patch exists which remedies this problem</a>.<br>
 <p>  <p>
   
