===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata43.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- www/errata43.html 2019/05/27 22:55:20 1.63
+++ www/errata43.html 2019/05/28 16:32:42 1.64
@@ -85,90 +85,79 @@
--
-013: RELIABILITY FIX: April 11, 2009
+
-
+001: SECURITY FIX: March 30, 2008
All architectures
-When pf attempts to perform translation on a specially crafted IP datagram,
-a null pointer dereference will occur, resulting in a kernel panic.
-In certain configurations this may be triggered by a remote attacker.
-
-Restricting translation rules to protocols that are specific to the IP version
-in use, is an effective workaround until the patch can be installed. As an
-example, for IPv4 nat/binat/rdr rules you can use:
-
- nat/rdr ... inet proto { tcp udp icmp } ...
-
-Or for IPv6 nat/binat/rdr rules you can use:
-
- nat/rdr ... inet6 proto { tcp udp icmp6 } ...
-
-
+sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
+directive was in effect, allowing users with write access to this file to
+execute arbitrary commands. This behaviour was documented, but was an unsafe
+default and an extra hassle for administrators.
+
A source code patch exists which remedies this problem.
-
-
-012: RELIABILITY FIX: April 8, 2009
+
-
+002: SECURITY FIX: April 3, 2008
All architectures
-The OpenSSL ASN.1 handling code could be forced to perform invalid memory
-accesses through the use of certain invalid strings
-(CVE-2009-0590)
-or under certain error conditions triggerable by invalid ASN.1 structures
-(CVE-2009-0789).
-These vulnerabilities could be exploited to achieve a
-denial-of-service. A more detailed description of these problems is available
-in the
-OpenSSL security advisory, but note that the other issue described there "Incorrect Error
-Checking During CMS verification" relates to code not enabled in OpenBSD.
-
-
+Avoid possible hijacking of X11-forwarded connections with sshd(8)
+by refusing to listen on a port unless all address families bind
+successfully.
+
A source code patch exists which remedies this problem.
-
-
-011: SECURITY FIX: February 22, 2009
+
-
+003: SECURITY FIX: July 15, 2008
All architectures
-sudo(8) may allow a user listed in the sudoers file to run a command
-as a different user than their access rule specifies when a Unix
-group is used in the RunAs portion of the rule. The bug only manifests
-when the user being granted privileges is also a member of the group
-in the RunAs portion of the rule.
+Multiple vulnerabilities have been discovered in X.Org.
+RENDER Extension heap buffer overflow,
+RENDER Extension crash,
+RENDER Extension memory corruption,
+MIT-SHM arbitrary memory read,
+RECORD and Security extensions memory corruption.
+CVE-2008-2360,
+CVE-2008-2361,
+CVE-2008-2362,
+CVE-2008-1379,
+CVE-2008-1377.
-
+
A source code patch exists which remedies this problem.
-
-
-010: RELIABILITY FIX: February 18, 2009
+
-
+004: SECURITY FIX: July 23, 2008
All architectures
-bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
-the process to terminate because of the resulting corrupt path.
+2nd revision, July 23, 2008
+A vulnerability has been found with BIND. An attacker could use this vulnerability
+to poison the cache of a recursive resolving name server.
+CVE-2008-1447.
-
+
A source code patch exists which remedies this problem.
-
-
-009: RELIABILITY FIX: January 30, 2009
+
-
+005: RELIABILITY FIX: July 29, 2008
All architectures
-Upon reception of an invalid update with 4-byte AS attributes, bgpd -
-adhering to the RFCs - closed the session to the neighbor.
-This error in the specification allowed 3rd parties to close remote BGP
-sessions.
-In the worst case Internet connectivity could be lost.
+Some kinds of IPv6 usage would leak kernel memory (in particular, this path
+was exercised by the named(8) patch for port randomization). Since INET6 is
+enabled by default, this condition affects all systems.
-
+
A source code patch exists which remedies this problem.
-
-
-008: SECURITY FIX: January 14, 2009
+
-
+006: SECURITY FIX: October 2, 2008
All architectures
-named(8) did not correctly check the return value of a DSA verification
-function, potentially allowing bypass of verification of DNSSEC DSA
-signatures.
-CVE-2009-0025.
+The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
+solicitation requests maybe allowing a nearby attacker to intercept traffic.
+The attacker must have IPv6 connectivity to the same router as their target for
+this vulnerability to be exploited.
+CVE-2008-2476.
-
+
A source code patch exists which remedies this problem.
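Review bot: this hunk is one half of a pure reorder (entries 001 to 006 move above 008 to 013 so the page reads oldest-first), and every `+` line here is text that the second hunk removes verbatim, so the review check is that each entry body survived the move intact rather than anything about the wording. Two carried-over spots are worth flagging for a follow-up rather than fixing in this diff: entry 006 keeps "maybe allowing a nearby attacker to intercept traffic" (read: "possibly allowing"), and the many paired `-`/`+` blank lines suggest whitespace-only differences between the old and new blank lines, which is noise that makes a move diff harder to verify; normalising trailing whitespace separately would keep this change a clean reorder.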
@@ -186,82 +175,94 @@
A source code patch exists which remedies this problem.
-
-
-006: SECURITY FIX: October 2, 2008
+
-
+008: SECURITY FIX: January 14, 2009
All architectures
-The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
-solicitation requests maybe allowing a nearby attacker to intercept traffic.
-The attacker must have IPv6 connectivity to the same router as their target for
-this vulnerability to be exploited.
-CVE-2008-2476.
+named(8) did not correctly check the return value of a DSA verification
+function, potentially allowing bypass of verification of DNSSEC DSA
+signatures.
+CVE-2009-0025.
-
+
A source code patch exists which remedies this problem.
-
-
-005: RELIABILITY FIX: July 29, 2008
+
-
+009: RELIABILITY FIX: January 30, 2009
All architectures
-Some kinds of IPv6 usage would leak kernel memory (in particular, this path
-was exercised by the named(8) patch for port randomization). Since INET6 is
-enabled by default, this condition affects all systems.
+Upon reception of an invalid update with 4-byte AS attributes, bgpd -
+adhering to the RFCs - closed the session to the neighbor.
+This error in the specification allowed 3rd parties to close remote BGP
+sessions.
+In the worst case Internet connectivity could be lost.
-
+
A source code patch exists which remedies this problem.
-
-
-004: SECURITY FIX: July 23, 2008
+
-
+010: RELIABILITY FIX: February 18, 2009
All architectures
-2nd revision, July 23, 2008
-A vulnerability has been found with BIND. An attacker could use this vulnerability
-to poison the cache of a recursive resolving name server.
-CVE-2008-1447.
+bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
+the process to terminate because of the resulting corrupt path.
-
+
A source code patch exists which remedies this problem.
-
-
-003: SECURITY FIX: July 15, 2008
+
-
+011: SECURITY FIX: February 22, 2009
All architectures
-Multiple vulnerabilities have been discovered in X.Org.
-RENDER Extension heap buffer overflow,
-RENDER Extension crash,
-RENDER Extension memory corruption,
-MIT-SHM arbitrary memory read,
-RECORD and Security extensions memory corruption.
-CVE-2008-2360,
-CVE-2008-2361,
-CVE-2008-2362,
-CVE-2008-1379,
-CVE-2008-1377.
+sudo(8) may allow a user listed in the sudoers file to run a command
+as a different user than their access rule specifies when a Unix
+group is used in the RunAs portion of the rule. The bug only manifests
+when the user being granted privileges is also a member of the group
+in the RunAs portion of the rule.
-
+
A source code patch exists which remedies this problem.
-
-
-002: SECURITY FIX: April 3, 2008
+
-
+012: RELIABILITY FIX: April 8, 2009
All architectures
-Avoid possible hijacking of X11-forwarded connections with sshd(8)
-by refusing to listen on a port unless all address families bind
-successfully.
-
+The OpenSSL ASN.1 handling code could be forced to perform invalid memory
+accesses through the use of certain invalid strings
+(CVE-2009-0590)
+or under certain error conditions triggerable by invalid ASN.1 structures
+(CVE-2009-0789).
+These vulnerabilities could be exploited to achieve a
+denial-of-service. A more detailed description of these problems is available
+in the
+OpenSSL security advisory, but note that the other issue described there "Incorrect Error
+Checking During CMS verification" relates to code not enabled in OpenBSD.
+
+
A source code patch exists which remedies this problem.
-
-
-001: SECURITY FIX: March 30, 2008
+
-
+013: RELIABILITY FIX: April 11, 2009
All architectures
-sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
-directive was in effect, allowing users with write access to this file to
-execute arbitrary commands. This behaviour was documented, but was an unsafe
-default and an extra hassle for administrators.
-
+When pf attempts to perform translation on a specially crafted IP datagram,
+a null pointer dereference will occur, resulting in a kernel panic.
+In certain configurations this may be triggered by a remote attacker.
+
+Restricting translation rules to protocols that are specific to the IP version
+in use, is an effective workaround until the patch can be installed. As an
+example, for IPv4 nat/binat/rdr rules you can use:
+
+ nat/rdr ... inet proto { tcp udp icmp } ...
+
+Or for IPv6 nat/binat/rdr rules you can use:
+
+ nat/rdr ... inet6 proto { tcp udp icmp6 } ...
+
+
A source code patch exists which remedies this problem.
+1
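Review bot: the trailing `+1` adds a line containing only `1` after the final "A source code patch exists which remedies this problem." with no matching `-` line, which does not belong to the reorder and looks like a stray keystroke that would render as a visible "1" at the end of the entry list; confirm it is intentional or drop it before commit. The rest of the hunk mirrors the first one (entries 008 to 013 re-added below 001 to 006 with their bodies unchanged, including the "2nd revision, July 23, 2008" line on 004 and the pf workaround rules on 013), so apart from that stray line it reads as a faithful move.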