===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata44.html,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- www/errata44.html	2019/05/27 22:55:20	1.65
+++ www/errata44.html	2019/05/28 16:32:42	1.66
@@ -84,109 +84,86 @@
 <hr>
 
 <ul>
-<li id="p016_getsockopt">
-<strong>016: RELIABILITY FIX: October 28, 2009</strong>
+
+<li id="p001_ndp">
+<strong>001: SECURITY FIX: November 2, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
-IP_IPCOMP_LEVEL will crash the system.
+The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
+solicitation requests maybe allowing a nearby attacker to intercept traffic.
+The attacker must have IPv6 connectivity to the same router as their target for
+this vulnerability to be exploited.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/016_getsockopt.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p015_xmm">
-<strong>015: RELIABILITY FIX: October 05, 2009</strong>
-&nbsp; <i>i386 only</i><br>
-XMM exceptions are not correctly handled resulting in a kernel panic.
-<br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/i386/015_xmm.patch">
-A source code patch exists which remedies this problem.</a>
-<p>
-
-<li id="p014_bind">
-<strong>014: RELIABILITY FIX: July 29, 2009</strong>
+<li id="p002_vr">
+<strong>002: RELIABILITY FIX: November 2, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-A vulnerability has been found in BIND's named server
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696">CVE-2009-0696</a>).
-An attacker could crash a server with a specially crafted dynamic update message to a
-zone for which the server is master.
+Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
+driver to panic under heavy load if the RX path runs out of mbufs.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/014_bind.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/002_vr.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p013_pf">
-<strong>013: RELIABILITY FIX: April 11, 2009</strong>
+<li id="p003_tcpinput">
+<strong>003: RELIABILITY FIX: November 6, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-When pf attempts to perform translation on a specially crafted IP datagram,
-a null pointer dereference will occur, resulting in a kernel panic.
-In certain configurations this may be triggered by a remote attacker.
+Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
+can result in TCP connections between two IPs being reset instead of accepted
+if being received on a socket in the TIME_WAIT state.
 <br>
-Restricting translation rules to protocols that are specific to the IP version
-in use, is an effective workaround until the patch can be installed. As an
-example, for IPv4 nat/binat/rdr rules you can use:
-<pre>
-    nat/rdr ... inet proto { tcp udp icmp } ...
-</pre>
-Or for IPv6 nat/binat/rdr rules you can use:
-<pre>
-    nat/rdr ... inet6 proto { tcp udp icmp6 } ...
-</pre>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/013_pf.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/003_tcpinput.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p012_openssl">
-<strong>012: RELIABILITY FIX: April 8, 2009</strong>
+<li id="p004_httpd">
+<strong>004: RELIABILITY FIX: November 6, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-The OpenSSL ASN.1 handling code could be forced to perform invalid memory
-accesses through the use of certain invalid strings
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
-or under certain error conditions triggerable by invalid ASN.1 structures
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>).
-These vulnerabilities could be exploited to achieve a
-denial-of-service. A more detailed description of these problems is available
-in the
-<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error
-Checking During CMS verification" relates to code not enabled in OpenBSD.
+Fix
+<a href="https://man.openbsd.org/OpenBSD-4.4/httpd.8">httpd(8)</a>'s
+mod_proxy module which is broken on 64-bit architectures. Due to the bug this
+will result in child processes crashing when utilizing proxy rules during an
+HTTP session.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/012_openssl.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/004_httpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p011_sudo">
-<strong>011: SECURITY FIX: February 22, 2009</strong>
+<li id="p005_pglistalloc">
+<strong>005: RELIABILITY FIX: November 7, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-sudo(8) may allow a user listed in the sudoers file to run a command
-as a different user than their access rule specifies when a Unix
-group is used in the RunAs portion of the rule.  The bug only manifests
-when the user being granted privileges is also a member of the group
-in the RunAs portion of the rule.
+A software bug could cause memory allocation to cause a kernel panic
+accessing an array out of its bounds, when physical memory is exhausted.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/011_sudo.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/005_pglistalloc.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p010_bgpd">
-<strong>010: RELIABILITY FIX: February 18, 2009</strong>
+<li id="p006_dhcpd">
+<strong>006: RELIABILITY FIX: November 19, 2008</strong>
 &nbsp; <i>All architectures</i><br>
-bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
-the process to terminate because of the resulting corrupt path.
+Due to changes in the options handling this caused problems with some
+DHCP clients such as Solaris/OpenSolaris and some embedded routers not
+accepting DHCP offers.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/010_bgpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/006_dhcpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p009_bgpd">
-<strong>009: RELIABILITY FIX: January 30, 2009</strong>
+<li id="p007_openssl">
+<strong>007: SECURITY FIX: January 9, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Upon reception of an invalid update with 4-byte AS attributes, bgpd -
-adhering to the RFCs - closed the session to the neighbor.
-This error in the specification allowed 3rd parties to close remote BGP
-sessions.
-In the worst case Internet connectivity could be lost.
+The OpenSSL libraries did not correctly check the return value from
+certain verification functions, allowing validation to be bypassed and
+permitting a remote attacker to conduct a "man in the middle attack"
+against SSL/TLS connections if the server is configured with a DSA or ECDSA
+certificate.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077">CVE-2008-5077</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/009_bgpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/007_openssl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
@@ -202,85 +179,109 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p007_openssl">
-<strong>007: SECURITY FIX: January 9, 2009</strong>
+<li id="p009_bgpd">
+<strong>009: RELIABILITY FIX: January 30, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-The OpenSSL libraries did not correctly check the return value from
-certain verification functions, allowing validation to be bypassed and
-permitting a remote attacker to conduct a "man in the middle attack"
-against SSL/TLS connections if the server is configured with a DSA or ECDSA
-certificate.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077">CVE-2008-5077</a>.
+Upon reception of an invalid update with 4-byte AS attributes, bgpd -
+adhering to the RFCs - closed the session to the neighbor.
+This error in the specification allowed 3rd parties to close remote BGP
+sessions.
+In the worst case Internet connectivity could be lost.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/007_openssl.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/009_bgpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p006_dhcpd">
-<strong>006: RELIABILITY FIX: November 19, 2008</strong>
+<li id="p010_bgpd">
+<strong>010: RELIABILITY FIX: February 18, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Due to changes in the options handling this caused problems with some
-DHCP clients such as Solaris/OpenSolaris and some embedded routers not
-accepting DHCP offers.
+bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
+the process to terminate because of the resulting corrupt path.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/006_dhcpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/010_bgpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p005_pglistalloc">
-<strong>005: RELIABILITY FIX: November 7, 2008</strong>
+<li id="p011_sudo">
+<strong>011: SECURITY FIX: February 22, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-A software bug could cause memory allocation to cause a kernel panic
-accessing an array out of its bounds, when physical memory is exhausted.
+sudo(8) may allow a user listed in the sudoers file to run a command
+as a different user than their access rule specifies when a Unix
+group is used in the RunAs portion of the rule.  The bug only manifests
+when the user being granted privileges is also a member of the group
+in the RunAs portion of the rule.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/005_pglistalloc.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/011_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p004_httpd">
-<strong>004: RELIABILITY FIX: November 6, 2008</strong>
+<li id="p012_openssl">
+<strong>012: RELIABILITY FIX: April 8, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Fix
-<a href="https://man.openbsd.org/OpenBSD-4.4/httpd.8">httpd(8)</a>'s
-mod_proxy module which is broken on 64-bit architectures. Due to the bug this
-will result in child processes crashing when utilizing proxy rules during an
-HTTP session.
+The OpenSSL ASN.1 handling code could be forced to perform invalid memory
+accesses through the use of certain invalid strings
+(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
+or under certain error conditions triggerable by invalid ASN.1 structures
+(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>).
+These vulnerabilities could be exploited to achieve a
+denial-of-service. A more detailed description of these problems is available
+in the
+<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error
+Checking During CMS verification" relates to code not enabled in OpenBSD.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/004_httpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/012_openssl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p003_tcpinput">
-<strong>003: RELIABILITY FIX: November 6, 2008</strong>
+<li id="p013_pf">
+<strong>013: RELIABILITY FIX: April 11, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
-can result in TCP connections between two IPs being reset instead of accepted
-if being received on a socket in the TIME_WAIT state.
+When pf attempts to perform translation on a specially crafted IP datagram,
+a null pointer dereference will occur, resulting in a kernel panic.
+In certain configurations this may be triggered by a remote attacker.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/003_tcpinput.patch">
+Restricting translation rules to protocols that are specific to the IP version
+in use, is an effective workaround until the patch can be installed. As an
+example, for IPv4 nat/binat/rdr rules you can use:
+<pre>
+    nat/rdr ... inet proto { tcp udp icmp } ...
+</pre>
+Or for IPv6 nat/binat/rdr rules you can use:
+<pre>
+    nat/rdr ... inet6 proto { tcp udp icmp6 } ...
+</pre>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/013_pf.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p002_vr">
-<strong>002: RELIABILITY FIX: November 2, 2008</strong>
+<li id="p014_bind">
+<strong>014: RELIABILITY FIX: July 29, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
-driver to panic under heavy load if the RX path runs out of mbufs.
+A vulnerability has been found in BIND's named server
+(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696">CVE-2009-0696</a>).
+An attacker could crash a server with a specially crafted dynamic update message to a
+zone for which the server is master.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/002_vr.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/014_bind.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="p001_ndp">
-<strong>001: SECURITY FIX: November 2, 2008</strong>
+<li id="p015_xmm">
+<strong>015: RELIABILITY FIX: October 05, 2009</strong>
+&nbsp; <i>i386 only</i><br>
+XMM exceptions are not correctly handled resulting in a kernel panic.
+<br>
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/i386/015_xmm.patch">
+A source code patch exists which remedies this problem.</a>
+<p>
+
+<li id="p016_getsockopt">
+<strong>016: RELIABILITY FIX: October 28, 2009</strong>
 &nbsp; <i>All architectures</i><br>
-The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
-solicitation requests maybe allowing a nearby attacker to intercept traffic.
-The attacker must have IPv6 connectivity to the same router as their target for
-this vulnerability to be exploited.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476">CVE-2008-2476</a>.
+getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
+IP_IPCOMP_LEVEL will crash the system.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/016_getsockopt.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
