===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata45.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -c -r1.36 -r1.37
*** www/errata45.html 2014/03/31 03:12:47 1.36
--- www/errata45.html 2014/03/31 16:02:48 1.37
***************
*** 77,83 ****
-
! 016: SECURITY FIX: April 14, 2010 All architectures
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
--- 77,84 ----
-
! 016: SECURITY FIX: April 14, 2010
! All architectures
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
***************
*** 86,92 ****
-
! 015: RELIABILITY FIX: April 4, 2010 All architectures
When updating sensors showing the state of RAID volumes
mpi(4)
allocates temporary memory and then returns it to the kernel as
--- 87,94 ----
-
! 015: RELIABILITY FIX: April 4, 2010
! All architectures
When updating sensors showing the state of RAID volumes
mpi(4)
allocates temporary memory and then returns it to the kernel as
***************
*** 100,106 ****
-
! 014: RELIABILITY FIX: March 31, 2010 All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
lead to crashes.
--- 102,109 ----
-
! 014: RELIABILITY FIX: March 31, 2010
! All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
lead to crashes.
***************
*** 110,116 ****
-
! 013: RELIABILITY FIX: March 12, 2010 All architectures
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
--- 113,120 ----
-
! 013: RELIABILITY FIX: March 12, 2010
! All architectures
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
***************
*** 119,125 ****
-
! 012: SECURITY FIX: March 12, 2010 All architectures
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
--- 123,130 ----
-
! 012: SECURITY FIX: March 12, 2010
! All architectures
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
***************
*** 128,134 ****
-
! 011: RELIABILITY FIX: January 29, 2010 All architectures
By using ptrace(2) on an ancestor process, a loop in the process tree
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
--- 133,140 ----
-
! 011: RELIABILITY FIX: January 29, 2010
! All architectures
By using ptrace(2) on an ancestor process, a loop in the process tree
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
***************
*** 138,144 ****
-
! 010: SECURITY FIX: November 26, 2009 All architectures
The SSL/TLS protocol is subject to man-in-the-middle attacks related to
renegotiation (see CVE-2009-3555, draft-ietf-tls-renegotiation-00).
OpenSSL permitted this protocol feature by default and had no way to
--- 144,151 ----
-
! 010: SECURITY FIX: November 26, 2009
! All architectures
The SSL/TLS protocol is subject to man-in-the-middle attacks related to
renegotiation (see CVE-2009-3555, draft-ietf-tls-renegotiation-00).
OpenSSL permitted this protocol feature by default and had no way to
***************
*** 149,155 ****
-
! 009: RELIABILITY FIX: October 28, 2009 All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
--- 156,163 ----
-
! 009: RELIABILITY FIX: October 28, 2009
! All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
***************
*** 158,164 ****
-
! 008: RELIABILITY FIX: October 05, 2009 i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
--- 166,173 ----
-
! 008: RELIABILITY FIX: October 05, 2009
! i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
***************
*** 166,172 ****
-
! 007: RELIABILITY FIX: July 29, 2009 All architectures
A vulnerability has been found in BIND's named server
(CVE-2009-0696).
An attacker could crash a server with a specially crafted dynamic update message to a
--- 175,182 ----
-
! 007: RELIABILITY FIX: July 29, 2009
! All architectures
A vulnerability has been found in BIND's named server
(CVE-2009-0696).
An attacker could crash a server with a specially crafted dynamic update message to a
***************
*** 177,183 ****
-
! 006: RELIABILITY FIX: June 24, 2009 All architectures
An off-by-one error in the inflate function in Zlib.xs in the
Compress::Raw::Zlib perl module before 2.017 (CVE-2009-1391),
as used in AMaViS, SpamAssassin, and possibly other products,
--- 187,194 ----
-
! 006: RELIABILITY FIX: June 24, 2009
! All architectures
An off-by-one error in the inflate function in Zlib.xs in the
Compress::Raw::Zlib perl module before 2.017 (CVE-2009-1391),
as used in AMaViS, SpamAssassin, and possibly other products,
***************
*** 191,197 ****
-
! 005: RELIABILITY FIX: April 24, 2009 All architectures
On very high system load, an audio interrupt may occur while the
audio process is filling audio ring buffers. This triggers bogus
(and useless) correction code in the
--- 202,209 ----
-
! 005: RELIABILITY FIX: April 24, 2009
! All architectures
On very high system load, an audio interrupt may occur while the
audio process is filling audio ring buffers. This triggers bogus
(and useless) correction code in the
***************
*** 204,210 ****
-
! 004: RELIABILITY FIX: April 24, 2009 All architectures
In server mode when in full-duplex mode (the default)
aucat(1)
will send each synchronization message twice, causing client applications
--- 216,223 ----
-
! 004: RELIABILITY FIX: April 24, 2009
! All architectures
In server mode when in full-duplex mode (the default)
aucat(1)
will send each synchronization message twice, causing client applications
***************
*** 216,222 ****
-
! 003: RELIABILITY FIX: April 24, 2009 i386 only
When DMA'able memory is mapped by device drivers, the
mapping flags and protection are partially uninitialized.
Depending on the calling context, this may cause devices to misbehave, like
--- 229,236 ----
-
! 003: RELIABILITY FIX: April 24, 2009
! i386 only
When DMA'able memory is mapped by device drivers, the
mapping flags and protection are partially uninitialized.
Depending on the calling context, this may cause devices to misbehave, like
***************
*** 229,235 ****
-
! 002: RELIABILITY FIX: April 11, 2009 All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.
--- 243,250 ----
-
! 002: RELIABILITY FIX: April 11, 2009
! All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.
***************
*** 249,255 ****
-
! 001: RELIABILITY FIX: April 8, 2009 All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
(CVE-2009-0590)
--- 264,271 ----
-
! 001: RELIABILITY FIX: April 8, 2009
! All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
(CVE-2009-0590)