===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata42.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -c -r1.66 -r1.67
*** www/errata42.html 2019/05/27 22:55:20 1.66
--- www/errata42.html 2019/05/28 16:32:42 1.67
***************
*** 85,190 ****
! -
! 015: SECURITY FIX: October 2, 2008
All architectures
! The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
! solicitation requests maybe allowing a nearby attacker to intercept traffic.
! The attacker must have IPv6 connectivity to the same router as their target for
! this vulnerability to be exploited.
! CVE-2008-2476.
!
A source code patch exists which remedies this problem.
!
!
-
! 014: RELIABILITY FIX: July 29, 2008
All architectures
! Some kinds of IPv6 usage would leak kernel memory (in particular, this path
! was exercised by the named(8) patch for port randomization). Since INET6 is
! enabled by default, this condition affects all systems.
!
!
A source code patch exists which remedies this problem.
!
-
! 013: SECURITY FIX: July 23, 2008
! All architectures
! 2nd revision, July 23, 2008
! A vulnerability has been found with BIND. An attacker could use this vulnerability
! to poison the cache of a recursive resolving name server.
! CVE-2008-1447.
-
- A source code patch exists which remedies this problem.
-
!
-
! 012: SECURITY FIX: July 15, 2008
! All architectures
! Multiple vulnerabilities have been discovered in X.Org.
! RENDER Extension heap buffer overflow,
! RENDER Extension crash,
! RENDER Extension memory corruption,
! MIT-SHM arbitrary memory read,
! RECORD and Security extensions memory corruption.
! CVE-2008-2360,
! CVE-2008-2361,
! CVE-2008-2362,
! CVE-2008-1379,
! CVE-2008-1377.
!
!
! A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: April 3, 2008
All architectures
! Avoid possible hijacking of X11-forwarded connections with sshd(8)
! by refusing to listen on a port unless all address families bind
! successfully.
!
A source code patch exists which remedies this problem.
!
-
! 010: SECURITY FIX: March 30, 2008
All architectures
! sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
! directive was in effect, allowing users with write access to this file to
! execute arbitrary commands. This behaviour was documented, but was an unsafe
! default and an extra hassle for administrators.
!
A source code patch exists which remedies this problem.
-
-
- 009: SECURITY FIX: March 7, 2008
- All architectures
- Buffer overflow in ppp command prompt parsing.
-
- A source code patch exists which remedies this problem.
-
-
-
-
- 008: RELIABILITY FIX: February 25, 2008
- All architectures
- Malformed IPv6 routing headers can cause a kernel panic.
-
- A source code patch exists which remedies this problem.
-
-
-
-
- 007: RELIABILITY FIX: February 22, 2008
- All architectures
- Incorrect assumptions in tcp_respond can lead to a kernel panic.
-
- A source code patch exists which remedies this problem.
-
-
-
006: SECURITY FIX: February 8, 2008
All architectures
--- 85,144 ----
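Review bot: The whole entries 009, 008 and 007, and the "A source code patch exists which remedies this problem." line under 013, are marked as plain deletions ("-") on the old side rather than as changed lines ("!"). The new range (85,144) is also 46 lines shorter than the old one (85,190). Please confirm that revision 1.67 still lists the ppp buffer overflow, the IPv6 routing header panic and the tcp_respond panic, and that every entry, 013 included, keeps its patch reference. Separately, in the 015 text, "solicitation requests maybe allowing a nearby attacker" should read "solicitation requests, possibly allowing a nearby attacker" if that sentence is carried over.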