===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata43.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- www/errata43.html	2019/05/27 22:55:20	1.63
+++ www/errata43.html	2019/05/28 16:32:42	1.64
@@ -85,90 +85,79 @@
 
 <ul>
 
-<li id="p013_pf">
-<strong>013: RELIABILITY FIX: April 11, 2009</strong>
+<li id="p001_openssh">
+<strong>001: SECURITY FIX: March 30, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-When pf attempts to perform translation on a specially crafted IP datagram,
-a null pointer dereference will occur, resulting in a kernel panic.
-In certain configurations this may be triggered by a remote attacker.
-<br>
-Restricting translation rules to protocols that are specific to the IP version
-in use, is an effective workaround until the patch can be installed. As an
-example, for IPv4 nat/binat/rdr rules you can use:
-<pre>
-    nat/rdr ... inet proto { tcp udp icmp } ...
-</pre>
-Or for IPv6 nat/binat/rdr rules you can use:
-<pre>
-    nat/rdr ... inet6 proto { tcp udp icmp6 } ...
-</pre>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch">
+sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) <em>ForceCommand</em>
+directive was in effect, allowing users with write access to this file to
+execute arbitrary commands. This behaviour was documented, but was an unsafe
+default and an extra hassle for administrators.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p012_openssl">
-<strong>012: RELIABILITY FIX: April 8, 2009</strong>
+<li id="p002_openssh2">
+<strong>002: SECURITY FIX: April 3, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-The OpenSSL ASN.1 handling code could be forced to perform invalid memory
-accesses through the use of certain invalid strings
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
-or under certain error conditions triggerable by invalid ASN.1 structures
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>).
-These vulnerabilities could be exploited to achieve a
-denial-of-service. A more detailed description of these problems is available
-in the
-<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error
-Checking During CMS verification" relates to code not enabled in OpenBSD.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/012_openssl.patch">
+Avoid possible hijacking of X11-forwarded connections with sshd(8)
+by refusing to listen on a port unless all address families bind
+successfully.<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/002_openssh2.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p011_sudo">
-<strong>011: SECURITY FIX: February 22, 2009</strong>
+<li id="p003_xorg">
+<strong>003: SECURITY FIX: July 15, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-sudo(8) may allow a user listed in the sudoers file to run a command
-as a different user than their access rule specifies when a Unix
-group is used in the RunAs portion of the rule.  The bug only manifests
-when the user being granted privileges is also a member of the group
-in the RunAs portion of the rule.
+Multiple vulnerabilities have been discovered in X.Org.<br>
+RENDER Extension heap buffer overflow,
+RENDER Extension crash,
+RENDER Extension memory corruption,
+MIT-SHM arbitrary memory read,
+RECORD and Security extensions memory corruption.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360">CVE-2008-2360</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361">CVE-2008-2361</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362">CVE-2008-2362</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/011_sudo.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/003_xorg.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p010_bgpd">
-<strong>010: RELIABILITY FIX: February 18, 2009</strong>
+<li id="p004_bind">
+<strong>004: SECURITY FIX: July 23, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
-the process to terminate because of the resulting corrupt path.
+<b>2nd revision, July 23, 2008</b><br>
+A vulnerability has been found with BIND. An attacker could use this vulnerability
+to poison the cache of a recursive resolving name server.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/010_bgpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/004_bind.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p009_bgpd">
-<strong>009: RELIABILITY FIX: January 30, 2009</strong>
+<li id="p005_pcb">
+<strong>005: RELIABILITY FIX: July 29, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-Upon reception of an invalid update with 4-byte AS attributes, bgpd -
-adhering to the RFCs - closed the session to the neighbor.
-This error in the specification allowed 3rd parties to close remote BGP
-sessions.
-In the worst case Internet connectivity could be lost.
+Some kinds of IPv6 usage would leak kernel memory (in particular, this path
+was exercised by the named(8) patch for port randomization).  Since INET6 is
+enabled by default, this condition affects all systems.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/009_bgpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/005_pcb.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p008_bind">
-<strong>008: SECURITY FIX: January 14, 2009</strong>
+<li id="p006_ndp">
+<strong>006: SECURITY FIX: October 2, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-named(8) did not correctly check the return value of a DSA verification
-function, potentially allowing bypass of verification of DNSSEC DSA
-signatures.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025">CVE-2009-0025</a>.
+The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
+solicitation requests maybe allowing a nearby attacker to intercept traffic.
+The attacker must have IPv6 connectivity to the same router as their target for
+this vulnerability to be exploited.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/008_bind.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
@@ -186,82 +175,94 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p006_ndp">
-<strong>006: SECURITY FIX: October 2, 2008</strong>
+<li id="p008_bind">
+<strong>008: SECURITY FIX: January 14, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
-solicitation requests maybe allowing a nearby attacker to intercept traffic.
-The attacker must have IPv6 connectivity to the same router as their target for
-this vulnerability to be exploited.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
+named(8) did not correctly check the return value of a DSA verification
+function, potentially allowing bypass of verification of DNSSEC DSA
+signatures.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025">CVE-2009-0025</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/008_bind.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p005_pcb">
-<strong>005: RELIABILITY FIX: July 29, 2008</strong>
+<li id="p009_bgpd">
+<strong>009: RELIABILITY FIX: January 30, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Some kinds of IPv6 usage would leak kernel memory (in particular, this path
-was exercised by the named(8) patch for port randomization).  Since INET6 is
-enabled by default, this condition affects all systems.
+Upon reception of an invalid update with 4-byte AS attributes, bgpd -
+adhering to the RFCs - closed the session to the neighbor.
+This error in the specification allowed 3rd parties to close remote BGP
+sessions.
+In the worst case Internet connectivity could be lost.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/005_pcb.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/009_bgpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p004_bind">
-<strong>004: SECURITY FIX: July 23, 2008</strong>
+<li id="p010_bgpd">
+<strong>010: RELIABILITY FIX: February 18, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-<b>2nd revision, July 23, 2008</b><br>
-A vulnerability has been found with BIND. An attacker could use this vulnerability
-to poison the cache of a recursive resolving name server.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a>.
+bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
+the process to terminate because of the resulting corrupt path.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/004_bind.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/010_bgpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p003_xorg">
-<strong>003: SECURITY FIX: July 15, 2008</strong>
+<li id="p011_sudo">
+<strong>011: SECURITY FIX: February 22, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Multiple vulnerabilities have been discovered in X.Org.<br>
-RENDER Extension heap buffer overflow,
-RENDER Extension crash,
-RENDER Extension memory corruption,
-MIT-SHM arbitrary memory read,
-RECORD and Security extensions memory corruption.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360">CVE-2008-2360</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361">CVE-2008-2361</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362">CVE-2008-2362</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</a>.
+sudo(8) may allow a user listed in the sudoers file to run a command
+as a different user than their access rule specifies when a Unix
+group is used in the RunAs portion of the rule.  The bug only manifests
+when the user being granted privileges is also a member of the group
+in the RunAs portion of the rule.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/003_xorg.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/011_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p002_openssh2">
-<strong>002: SECURITY FIX: April 3, 2008</strong>
+<li id="p012_openssl">
+<strong>012: RELIABILITY FIX: April 8, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Avoid possible hijacking of X11-forwarded connections with sshd(8)
-by refusing to listen on a port unless all address families bind
-successfully.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/002_openssh2.patch">
+The OpenSSL ASN.1 handling code could be forced to perform invalid memory
+accesses through the use of certain invalid strings
+(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
+or under certain error conditions triggerable by invalid ASN.1 structures
+(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>).
+These vulnerabilities could be exploited to achieve a
+denial-of-service. A more detailed description of these problems is available
+in the
+<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error
+Checking During CMS verification" relates to code not enabled in OpenBSD.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/012_openssl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p001_openssh">
-<strong>001: SECURITY FIX: March 30, 2008</strong>
+<li id="p013_pf">
+<strong>013: RELIABILITY FIX: April 11, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) <em>ForceCommand</em>
-directive was in effect, allowing users with write access to this file to
-execute arbitrary commands. This behaviour was documented, but was an unsafe
-default and an extra hassle for administrators.<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch">
+When pf attempts to perform translation on a specially crafted IP datagram,
+a null pointer dereference will occur, resulting in a kernel panic.
+In certain configurations this may be triggered by a remote attacker.
+<br>
+Restricting translation rules to protocols that are specific to the IP version
+in use, is an effective workaround until the patch can be installed. As an
+example, for IPv4 nat/binat/rdr rules you can use:
+<pre>
+    nat/rdr ... inet proto { tcp udp icmp } ...
+</pre>
+Or for IPv6 nat/binat/rdr rules you can use:
+<pre>
+    nat/rdr ... inet6 proto { tcp udp icmp6 } ...
+</pre>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
 </ul>
 
 <hr>
+1
