===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata43.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -c -r1.63 -r1.64
*** www/errata43.html 2019/05/27 22:55:20 1.63
--- www/errata43.html 2019/05/28 16:32:42 1.64
***************
*** 85,174 ****
! -
! 013: RELIABILITY FIX: April 11, 2009
All architectures
! When pf attempts to perform translation on a specially crafted IP datagram,
! a null pointer dereference will occur, resulting in a kernel panic.
! In certain configurations this may be triggered by a remote attacker.
!
! Restricting translation rules to protocols that are specific to the IP version
! in use, is an effective workaround until the patch can be installed. As an
! example, for IPv4 nat/binat/rdr rules you can use:
!
! nat/rdr ... inet proto { tcp udp icmp } ...
!
! Or for IPv6 nat/binat/rdr rules you can use:
!
! nat/rdr ... inet6 proto { tcp udp icmp6 } ...
!
!
A source code patch exists which remedies this problem.
!
-
! 012: RELIABILITY FIX: April 8, 2009
All architectures
! The OpenSSL ASN.1 handling code could be forced to perform invalid memory
! accesses through the use of certain invalid strings
! (CVE-2009-0590)
! or under certain error conditions triggerable by invalid ASN.1 structures
! (CVE-2009-0789).
! These vulnerabilities could be exploited to achieve a
! denial-of-service. A more detailed description of these problems is available
! in the
! OpenSSL security advisory, but note that the other issue described there "Incorrect Error
! Checking During CMS verification" relates to code not enabled in OpenBSD.
!
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: February 22, 2009
All architectures
! sudo(8) may allow a user listed in the sudoers file to run a command
! as a different user than their access rule specifies when a Unix
! group is used in the RunAs portion of the rule. The bug only manifests
! when the user being granted privileges is also a member of the group
! in the RunAs portion of the rule.
!
A source code patch exists which remedies this problem.
!
-
! 010: RELIABILITY FIX: February 18, 2009
All architectures
! bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
! the process to terminate because of the resulting corrupt path.
!
A source code patch exists which remedies this problem.
!
-
! 009: RELIABILITY FIX: January 30, 2009
All architectures
! Upon reception of an invalid update with 4-byte AS attributes, bgpd -
! adhering to the RFCs - closed the session to the neighbor.
! This error in the specification allowed 3rd parties to close remote BGP
! sessions.
! In the worst case Internet connectivity could be lost.
!
A source code patch exists which remedies this problem.
!
-
! 008: SECURITY FIX: January 14, 2009
All architectures
! named(8) did not correctly check the return value of a DSA verification
! function, potentially allowing bypass of verification of DNSSEC DSA
! signatures.
! CVE-2009-0025.
!
A source code patch exists which remedies this problem.
--- 85,163 ----
--- 175,268 ----
A source code patch exists which remedies this problem.
!
-
! 008: SECURITY FIX: January 14, 2009
All architectures
! named(8) did not correctly check the return value of a DSA verification
! function, potentially allowing bypass of verification of DNSSEC DSA
! signatures.
! CVE-2009-0025.
!
A source code patch exists which remedies this problem.
!
-
! 009: RELIABILITY FIX: January 30, 2009
All architectures
! Upon reception of an invalid update with 4-byte AS attributes, bgpd -
! adhering to the RFCs - closed the session to the neighbor.
! This error in the specification allowed 3rd parties to close remote BGP
! sessions.
! In the worst case Internet connectivity could be lost.
!
A source code patch exists which remedies this problem.
!
-
! 010: RELIABILITY FIX: February 18, 2009
All architectures
! bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
! the process to terminate because of the resulting corrupt path.
!
A source code patch exists which remedies this problem.
!
-
! 011: SECURITY FIX: February 22, 2009
All architectures
! sudo(8) may allow a user listed in the sudoers file to run a command
! as a different user than their access rule specifies when a Unix
! group is used in the RunAs portion of the rule. The bug only manifests
! when the user being granted privileges is also a member of the group
! in the RunAs portion of the rule.
!
A source code patch exists which remedies this problem.
!
-
! 012: RELIABILITY FIX: April 8, 2009
All architectures
! The OpenSSL ASN.1 handling code could be forced to perform invalid memory
! accesses through the use of certain invalid strings
! (CVE-2009-0590)
! or under certain error conditions triggerable by invalid ASN.1 structures
! (CVE-2009-0789).
! These vulnerabilities could be exploited to achieve a
! denial-of-service. A more detailed description of these problems is available
! in the
! OpenSSL security advisory, but note that the other issue described there "Incorrect Error
! Checking During CMS verification" relates to code not enabled in OpenBSD.
!
!
A source code patch exists which remedies this problem.
!
-
! 013: RELIABILITY FIX: April 11, 2009
All architectures
! When pf attempts to perform translation on a specially crafted IP datagram,
! a null pointer dereference will occur, resulting in a kernel panic.
! In certain configurations this may be triggered by a remote attacker.
!
! Restricting translation rules to protocols that are specific to the IP version
! in use, is an effective workaround until the patch can be installed. As an
! example, for IPv4 nat/binat/rdr rules you can use:
!
! nat/rdr ... inet proto { tcp udp icmp } ...
!
! Or for IPv6 nat/binat/rdr rules you can use:
!
! nat/rdr ... inet6 proto { tcp udp icmp6 } ...
!
!
A source code patch exists which remedies this problem.
+ 1