===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata44.html,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- www/errata44.html 2019/05/27 22:55:20 1.65
+++ www/errata44.html 2019/05/28 16:32:42 1.66
@@ -84,109 +84,86 @@
--
-016: RELIABILITY FIX: October 28, 2009
+
+
-
+001: SECURITY FIX: November 2, 2008
All architectures
-getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
-IP_IPCOMP_LEVEL will crash the system.
+The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
+solicitation requests maybe allowing a nearby attacker to intercept traffic.
+The attacker must have IPv6 connectivity to the same router as their target for
+this vulnerability to be exploited.
+CVE-2008-2476.
-
+
A source code patch exists which remedies this problem.
-
-
-015: RELIABILITY FIX: October 05, 2009
- i386 only
-XMM exceptions are not correctly handled resulting in a kernel panic.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-
-014: RELIABILITY FIX: July 29, 2009
+
-
+002: RELIABILITY FIX: November 2, 2008
All architectures
-A vulnerability has been found in BIND's named server
-(CVE-2009-0696).
-An attacker could crash a server with a specially crafted dynamic update message to a
-zone for which the server is master.
+Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
+driver to panic under heavy load if the RX path runs out of mbufs.
-
+
A source code patch exists which remedies this problem.
-
-
-013: RELIABILITY FIX: April 11, 2009
+
-
+003: RELIABILITY FIX: November 6, 2008
All architectures
-When pf attempts to perform translation on a specially crafted IP datagram,
-a null pointer dereference will occur, resulting in a kernel panic.
-In certain configurations this may be triggered by a remote attacker.
+Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
+can result in TCP connections between two IPs being reset instead of accepted
+if being received on a socket in the TIME_WAIT state.
-Restricting translation rules to protocols that are specific to the IP version
-in use, is an effective workaround until the patch can be installed. As an
-example, for IPv4 nat/binat/rdr rules you can use:
-
- nat/rdr ... inet proto { tcp udp icmp } ...
-
-Or for IPv6 nat/binat/rdr rules you can use:
-
- nat/rdr ... inet6 proto { tcp udp icmp6 } ...
-
-
+
A source code patch exists which remedies this problem.
-
-
-012: RELIABILITY FIX: April 8, 2009
+
-
+004: RELIABILITY FIX: November 6, 2008
All architectures
-The OpenSSL ASN.1 handling code could be forced to perform invalid memory
-accesses through the use of certain invalid strings
-(CVE-2009-0590)
-or under certain error conditions triggerable by invalid ASN.1 structures
-(CVE-2009-0789).
-These vulnerabilities could be exploited to achieve a
-denial-of-service. A more detailed description of these problems is available
-in the
-OpenSSL security advisory, but note that the other issue described there "Incorrect Error
-Checking During CMS verification" relates to code not enabled in OpenBSD.
+Fix
+httpd(8)'s
+mod_proxy module which is broken on 64-bit architectures. Due to the bug this
+will result in child processes crashing when utilizing proxy rules during an
+HTTP session.
-
+
A source code patch exists which remedies this problem.
-
-
-011: SECURITY FIX: February 22, 2009
+
-
+005: RELIABILITY FIX: November 7, 2008
All architectures
-sudo(8) may allow a user listed in the sudoers file to run a command
-as a different user than their access rule specifies when a Unix
-group is used in the RunAs portion of the rule. The bug only manifests
-when the user being granted privileges is also a member of the group
-in the RunAs portion of the rule.
+A software bug could cause memory allocation to cause a kernel panic
+accessing an array out of its bounds, when physical memory is exhausted.
-
+
A source code patch exists which remedies this problem.
-
-
-010: RELIABILITY FIX: February 18, 2009
+
-
+006: RELIABILITY FIX: November 19, 2008
All architectures
-bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
-the process to terminate because of the resulting corrupt path.
+Due to changes in the options handling this caused problems with some
+DHCP clients such as Solaris/OpenSolaris and some embedded routers not
+accepting DHCP offers.
-
+
A source code patch exists which remedies this problem.
-
-
-009: RELIABILITY FIX: January 30, 2009
+
-
+007: SECURITY FIX: January 9, 2009
All architectures
-Upon reception of an invalid update with 4-byte AS attributes, bgpd -
-adhering to the RFCs - closed the session to the neighbor.
-This error in the specification allowed 3rd parties to close remote BGP
-sessions.
-In the worst case Internet connectivity could be lost.
+The OpenSSL libraries did not correctly check the return value from
+certain verification functions, allowing validation to be bypassed and
+permitting a remote attacker to conduct a "man in the middle attack"
+against SSL/TLS connections if the server is configured with a DSA or ECDSA
+certificate.
+CVE-2008-5077.
-
+
A source code patch exists which remedies this problem.
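Review bot: The re-added 001 entry keeps the wording "solicitation requests maybe allowing a nearby attacker to intercept traffic"; since these lines are being rewritten anyway to reverse the ordering, "possibly allowing" (or "which may allow") would read correctly. The same applies to the re-added 006 entry, where "Due to changes in the options handling this caused problems with some DHCP clients" never names the component whose options handling changed, so a reader cannot tell from the entry which daemon to patch. Naming it the way 004 names httpd(8) would fix that. If the intent is a pure move with no text changes, say so in the commit message so the wording fixes can follow separately.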
@@ -202,85 +179,109 @@
A source code patch exists which remedies this problem.
-
-
-007: SECURITY FIX: January 9, 2009
+
-
+009: RELIABILITY FIX: January 30, 2009
All architectures
-The OpenSSL libraries did not correctly check the return value from
-certain verification functions, allowing validation to be bypassed and
-permitting a remote attacker to conduct a "man in the middle attack"
-against SSL/TLS connections if the server is configured with a DSA or ECDSA
-certificate.
-CVE-2008-5077.
+Upon reception of an invalid update with 4-byte AS attributes, bgpd -
+adhering to the RFCs - closed the session to the neighbor.
+This error in the specification allowed 3rd parties to close remote BGP
+sessions.
+In the worst case Internet connectivity could be lost.
-
+
A source code patch exists which remedies this problem.
-
-
-006: RELIABILITY FIX: November 19, 2008
+
-
+010: RELIABILITY FIX: February 18, 2009
All architectures
-Due to changes in the options handling this caused problems with some
-DHCP clients such as Solaris/OpenSolaris and some embedded routers not
-accepting DHCP offers.
+bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
+the process to terminate because of the resulting corrupt path.
-
+
A source code patch exists which remedies this problem.
-
-
-005: RELIABILITY FIX: November 7, 2008
+
-
+011: SECURITY FIX: February 22, 2009
All architectures
-A software bug could cause memory allocation to cause a kernel panic
-accessing an array out of its bounds, when physical memory is exhausted.
+sudo(8) may allow a user listed in the sudoers file to run a command
+as a different user than their access rule specifies when a Unix
+group is used in the RunAs portion of the rule. The bug only manifests
+when the user being granted privileges is also a member of the group
+in the RunAs portion of the rule.
-
+
A source code patch exists which remedies this problem.
-
-
-004: RELIABILITY FIX: November 6, 2008
+
-
+012: RELIABILITY FIX: April 8, 2009
All architectures
-Fix
-httpd(8)'s
-mod_proxy module which is broken on 64-bit architectures. Due to the bug this
-will result in child processes crashing when utilizing proxy rules during an
-HTTP session.
+The OpenSSL ASN.1 handling code could be forced to perform invalid memory
+accesses through the use of certain invalid strings
+(CVE-2009-0590)
+or under certain error conditions triggerable by invalid ASN.1 structures
+(CVE-2009-0789).
+These vulnerabilities could be exploited to achieve a
+denial-of-service. A more detailed description of these problems is available
+in the
+OpenSSL security advisory, but note that the other issue described there "Incorrect Error
+Checking During CMS verification" relates to code not enabled in OpenBSD.
-
+
A source code patch exists which remedies this problem.
-
-
-003: RELIABILITY FIX: November 6, 2008
+
-
+013: RELIABILITY FIX: April 11, 2009
All architectures
-Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
-can result in TCP connections between two IPs being reset instead of accepted
-if being received on a socket in the TIME_WAIT state.
+When pf attempts to perform translation on a specially crafted IP datagram,
+a null pointer dereference will occur, resulting in a kernel panic.
+In certain configurations this may be triggered by a remote attacker.
-
+Restricting translation rules to protocols that are specific to the IP version
+in use, is an effective workaround until the patch can be installed. As an
+example, for IPv4 nat/binat/rdr rules you can use:
+
+ nat/rdr ... inet proto { tcp udp icmp } ...
+
+Or for IPv6 nat/binat/rdr rules you can use:
+
+ nat/rdr ... inet6 proto { tcp udp icmp6 } ...
+
+
A source code patch exists which remedies this problem.
-
-
-002: RELIABILITY FIX: November 2, 2008
+
-
+014: RELIABILITY FIX: July 29, 2009
All architectures
-Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
-driver to panic under heavy load if the RX path runs out of mbufs.
+A vulnerability has been found in BIND's named server
+(CVE-2009-0696).
+An attacker could crash a server with a specially crafted dynamic update message to a
+zone for which the server is master.
-
+
A source code patch exists which remedies this problem.
-
-
-001: SECURITY FIX: November 2, 2008
+
-
+015: RELIABILITY FIX: October 05, 2009
+ i386 only
+XMM exceptions are not correctly handled resulting in a kernel panic.
+
+
+A source code patch exists which remedies this problem.
+
+
+
-
+016: RELIABILITY FIX: October 28, 2009
All architectures
-The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
-solicitation requests maybe allowing a nearby attacker to intercept traffic.
-The attacker must have IPv6 connectivity to the same router as their target for
-this vulnerability to be exploited.
-CVE-2008-2476.
+getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
+IP_IPCOMP_LEVEL will crash the system.
-
+
A source code patch exists which remedies this problem.
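Review bot: Entries 012, 013 and 014 are re-added under "RELIABILITY FIX" although their text cites CVE identifiers (CVE-2009-0590, CVE-2009-0789, CVE-2009-0696) and 013 states "In certain configurations this may be triggered by a remote attacker", while 001 and 007 carry CVEs and are labelled "SECURITY FIX". It is worth confirming that the labels are intentional, because readers filtering the errata by label will miss remotely triggerable crashes. Smaller points in the same hunk: the 015 date "October 05, 2009" is zero-padded unlike every other entry ("November 2, 2008", "April 8, 2009"), and the 013 workaround sentence has a stray comma in "in use, is an effective workaround".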