www/errata43.html - diff

Return to errata43.html CVS log

Up to [local] / www

Diff for /www/errata43.html between version 1.62 and 1.63

version 1.62, 2019/04/02 12:46:57

version 1.63, 2019/05/27 22:55:20

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 4.3 Errata</title>

</head>

<!--

IMPORTANT REMINDER

IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE

-->

<h2>

OpenBSD</a>

OpenBSD</a>

4.3 Errata

4.3 Errata

</h2>

<hr>

Line 88

Line 86

<ul>

013: RELIABILITY FIX: April 11, 2009

013: RELIABILITY FIX: April 11, 2009

All architectures

When pf attempts to perform translation on a specially crafted IP datagram,

a null pointer dereference will occur, resulting in a kernel panic.

Line 109

Line 107

012: RELIABILITY FIX: April 8, 2009

012: RELIABILITY FIX: April 8, 2009

All architectures

The OpenSSL ASN.1 handling code could be forced to perform invalid memory

accesses through the use of certain invalid strings

Line 127

Line 125

011: SECURITY FIX: February 22, 2009

011: SECURITY FIX: February 22, 2009

All architectures

sudo(8) may allow a user listed in the sudoers file to run a command

as a different user than their access rule specifies when a Unix

Line 140

Line 138

010: RELIABILITY FIX: February 18, 2009

010: RELIABILITY FIX: February 18, 2009

All architectures

bgpd(8) did not correctly prepend its own AS to very long AS paths, causing

the process to terminate because of the resulting corrupt path.

Line 150

Line 148

009: RELIABILITY FIX: January 30, 2009

009: RELIABILITY FIX: January 30, 2009

All architectures

Upon reception of an invalid update with 4-byte AS attributes, bgpd -

adhering to the RFCs - closed the session to the neighbor.

Line 163

Line 161

008: SECURITY FIX: January 14, 2009

008: SECURITY FIX: January 14, 2009

All architectures

named(8) did not correctly check the return value of a DSA verification

function, potentially allowing bypass of verification of DNSSEC DSA

Line 175

Line 173

007: SECURITY FIX: January 9, 2009

007: SECURITY FIX: January 9, 2009

All architectures

The OpenSSL libraries did not correctly check the return value from

certain verification functions, allowing validation to be bypassed and

Line 189

Line 187

006: SECURITY FIX: October 2, 2008

006: SECURITY FIX: October 2, 2008

All architectures

The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor

solicitation requests maybe allowing a nearby attacker to intercept traffic.

Line 202

Line 200

005: RELIABILITY FIX: July 29, 2008

005: RELIABILITY FIX: July 29, 2008

All architectures

Some kinds of IPv6 usage would leak kernel memory (in particular, this path

was exercised by the named(8) patch for port randomization). Since INET6 is

Line 213

Line 211

004: SECURITY FIX: July 23, 2008

004: SECURITY FIX: July 23, 2008

All architectures

2nd revision, July 23, 2008

2nd revision, July 23, 2008

A vulnerability has been found with BIND. An attacker could use this vulnerability

to poison the cache of a recursive resolving name server.

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.

Line 225

Line 223

003: SECURITY FIX: July 15, 2008

003: SECURITY FIX: July 15, 2008

All architectures

Multiple vulnerabilities have been discovered in X.Org.

RENDER Extension heap buffer overflow,

Line 244

Line 242

002: SECURITY FIX: April 3, 2008

002: SECURITY FIX: April 3, 2008

All architectures

Avoid possible hijacking of X11-forwarded connections with sshd(8)

by refusing to listen on a port unless all address families bind

Line 254

Line 252

001: SECURITY FIX: March 30, 2008

001: SECURITY FIX: March 30, 2008

All architectures

sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand

directive was in effect, allowing users with write access to this file to

Line 267

Line 265

</ul>

<hr>

</body>

</html>