===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata44.html,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- www/errata44.html 2014/03/31 03:12:47 1.39
+++ www/errata44.html 2014/03/31 16:02:48 1.40
@@ -77,7 +77,8 @@
-
-016: RELIABILITY FIX: October 28, 2009 All architectures
+016: RELIABILITY FIX: October 28, 2009
+ All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
@@ -86,7 +87,8 @@
-
-015: RELIABILITY FIX: October 05, 2009 i386 only
+015: RELIABILITY FIX: October 05, 2009
+ i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
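Review bot: The date on the rewritten 015 heading, "October 05, 2009", is zero-padded, while the other headings touched by this diff write single-digit days unpadded ("April 8, 2009", "January 9, 2009", "November 7, 2008"). Since the line is being replaced anyway, write "October 5, 2009" so the headings are uniform.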
@@ -94,7 +96,8 @@
-
-014: RELIABILITY FIX: July 29, 2009 All architectures
+014: RELIABILITY FIX: July 29, 2009
+ All architectures
A vulnerability has been found in BIND's named server
(CVE-2009-0696).
An attacker could crash a server with a specially crafted dynamic update message to a
@@ -105,7 +108,8 @@
-
-013: RELIABILITY FIX: April 11, 2009 All architectures
+013: RELIABILITY FIX: April 11, 2009
+ All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.
@@ -125,7 +129,8 @@
-
-012: RELIABILITY FIX: April 8, 2009 All architectures
+012: RELIABILITY FIX: April 8, 2009
+ All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
(CVE-2009-0590)
@@ -142,7 +147,8 @@
-
-011: SECURITY FIX: February 22, 2009 All architectures
+011: SECURITY FIX: February 22, 2009
+ All architectures
sudo(8) may allow a user listed in the sudoers file to run a command
as a different user than their access rule specifies when a Unix
group is used in the RunAs portion of the rule. The bug only manifests
@@ -154,7 +160,8 @@
-
-010: RELIABILITY FIX: February 18, 2009 All architectures
+010: RELIABILITY FIX: February 18, 2009
+ All architectures
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
the process to terminate because of the resulting corrupt path.
@@ -163,7 +170,8 @@
-
-009: RELIABILITY FIX: January 30, 2009 All architectures
+009: RELIABILITY FIX: January 30, 2009
+ All architectures
Upon reception of an invalid update with 4-byte AS attributes, bgpd -
adhering to the RFCs - closed the session to the neighbor.
This error in the specification allowed 3rd parties to close remote BGP
@@ -175,7 +183,8 @@
-
-008: SECURITY FIX: January 14, 2009 All architectures
+008: SECURITY FIX: January 14, 2009
+ All architectures
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
signatures.
@@ -186,7 +195,8 @@
-
-007: SECURITY FIX: January 9, 2009 All architectures
+007: SECURITY FIX: January 9, 2009
+ All architectures
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
permitting a remote attacker to conduct a "man in the middle attack"
@@ -199,7 +209,8 @@
-
-006: RELIABILITY FIX: November 19, 2008 All architectures
+006: RELIABILITY FIX: November 19, 2008
+ All architectures
Due to changes in the options handling this caused problems with some
DHCP clients such as Solaris/OpenSolaris and some embedded routers not
accepting DHCP offers.
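Review bot: The text under the 006 heading never names the affected program. In "Due to changes in the options handling this caused problems with some DHCP clients", "this" has no antecedent, and the heading carries only the date and the architecture tag. While the entry is being touched, name the component at the start of the sentence, as the 010 and 008 entries do with bgpd(8) and named(8).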
@@ -209,7 +220,8 @@
-
-005: RELIABILITY FIX: November 7, 2008 All architectures
+005: RELIABILITY FIX: November 7, 2008
+ All architectures
A software bug could cause memory allocation to cause a kernel panic
accessing an array out of its bounds, when physical memory is exhausted.
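Review bot: The description under the 005 heading is hard to parse: "could cause memory allocation to cause a kernel panic accessing an array out of its bounds" repeats "cause" and does not say which part of the system is affected. Consider rewording it in the same change, for example stating that an out-of-bounds array access during memory allocation can panic the kernel when physical memory is exhausted, and naming the subsystem.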
@@ -218,7 +230,8 @@
-
-004: RELIABILITY FIX: November 6, 2008 All architectures
+004: RELIABILITY FIX: November 6, 2008
+ All architectures
Fix
httpd(8)'s
mod_proxy module which is broken on 64-bit architectures. Due to the bug this
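Review bot: The architecture tag on the 004 heading reads "All architectures", but the text directly below it says the mod_proxy module "is broken on 64-bit architectures". With the tag now on its own line it is more prominent, so check whether it should be narrowed to the affected platforms. If the tag is meant to describe where the patch applies rather than where the bug shows, it can stay as it is.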
@@ -230,7 +243,8 @@
-
-003: RELIABILITY FIX: November 6, 2008 All architectures
+003: RELIABILITY FIX: November 6, 2008
+ All architectures
Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
can result in TCP connections between two IPs being reset instead of accepted
if being received on a socket in the TIME_WAIT state.
@@ -240,7 +254,8 @@
-
-002: RELIABILITY FIX: November 2, 2008 All architectures
+002: RELIABILITY FIX: November 2, 2008
+ All architectures
Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
driver to panic under heavy load if the RX path runs out of mbufs.
@@ -249,7 +264,8 @@
-
-001: SECURITY FIX: November 2, 2008 All architectures
+001: SECURITY FIX: November 2, 2008
+ All architectures
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests maybe allowing a nearby attacker to intercept traffic.
The attacker must have IPv6 connectivity to the same router as their target for
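Review bot: In the context sentence under the 001 heading, "solicitation requests maybe allowing a nearby attacker" uses "maybe" where "possibly" is meant and is missing the comma before the participial clause. Suggest "solicitation requests, possibly allowing a nearby attacker to intercept traffic", to match the "potentially allowing" wording of the 008 entry.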