===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata45.html,v
retrieving revision 1.52
retrieving revision 1.53
diff -c -r1.52 -r1.53
*** www/errata45.html 2016/08/15 02:22:06 1.52
--- www/errata45.html 2016/10/16 19:11:30 1.53
***************
*** 70,76 ****
--- 70,76 ----
***************
*** 92,98 ****
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
!
A source code patch exists which remedies this problem.
--- 92,98 ----
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
!
A source code patch exists which remedies this problem.
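Review bot: the "!" line directly above "A source code patch exists which remedies this problem." is the only changed line in this hunk, and it is blank on both the 1.52 and 1.53 sides as shown, so the effect of the revision cannot be verified from the diff. The same single-line change repeats in each later hunk; a log message stating what was altered on that line would let the whole series be reviewed at once.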
***************
*** 107,113 ****
leading to a denial of service when a resource limit is apparently
reached.
!
A source code patch exists which remedies this problem.
--- 107,113 ----
leading to a denial of service when a resource limit is apparently
reached.
!
A source code patch exists which remedies this problem.
***************
*** 118,124 ****
paranoid enough in checking for underruns, which could potentially
lead to crashes.
!
A source code patch exists which remedies this problem.
--- 118,124 ----
paranoid enough in checking for underruns, which could potentially
lead to crashes.
!
A source code patch exists which remedies this problem.
***************
*** 128,134 ****
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
!
A source code patch exists which remedies this problem.
--- 128,134 ----
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
!
A source code patch exists which remedies this problem.
***************
*** 138,144 ****
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
!
A source code patch exists which remedies this problem.
--- 138,144 ----
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
!
A source code patch exists which remedies this problem.
***************
*** 149,155 ****
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
!
A source code patch exists which remedies this problem.
--- 149,155 ----
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
!
A source code patch exists which remedies this problem.
***************
*** 161,167 ****
OpenSSL permitted this protocol feature by default and had no way to
disable it.
!
A source code patch exists which remedies this problem.
--- 161,167 ----
OpenSSL permitted this protocol feature by default and had no way to
disable it.
!
A source code patch exists which remedies this problem.
***************
*** 171,177 ****
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
!
A source code patch exists which remedies this problem.
--- 171,177 ----
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
!
A source code patch exists which remedies this problem.
***************
*** 180,186 ****
i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
!
A source code patch exists which remedies this problem.
--- 180,186 ----
i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
!
A source code patch exists which remedies this problem.
***************
*** 192,198 ****
An attacker could crash a server with a specially crafted dynamic update message to a
zone for which the server is master.
!
A source code patch exists which remedies this problem.
--- 192,198 ----
An attacker could crash a server with a specially crafted dynamic update message to a
zone for which the server is master.
!
A source code patch exists which remedies this problem.
***************
*** 206,212 ****
(hang or crash) via a crafted zlib compressed stream that
triggers a heap-based buffer overflow.
!
A source code patch exists which remedies this problem.
--- 206,212 ----
(hang or crash) via a crafted zlib compressed stream that
triggers a heap-based buffer overflow.
!
A source code patch exists which remedies this problem.
***************
*** 221,227 ****
driver causing the audio application to go out of sync, and in turn causing
continuous stuttering until the application is restarted.
!
A source code patch exists which remedies this problem.
--- 221,227 ----
driver causing the audio application to go out of sync, and in turn causing
continuous stuttering until the application is restarted.
!
A source code patch exists which remedies this problem.
***************
*** 234,240 ****
to think that buffer underruns are occuring. Depending on the
application, this may cause the sound to stutter.
!
A source code patch exists which remedies this problem.
--- 234,240 ----
to think that buffer underruns are occuring. Depending on the
application, this may cause the sound to stutter.
!
A source code patch exists which remedies this problem.
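Review bot: "occuring" in the first context line of this hunk ("to think that buffer underruns are occuring.") is misspelled and is carried over unchanged from 1.52 to 1.53. Since this entry is already being touched, correct it to "occurring" in the same revision.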
***************
*** 248,254 ****
to stutter, but other anomalies might be observed for other
device types.
!
A source code patch exists which remedies this problem.
--- 248,254 ----
to stutter, but other anomalies might be observed for other
device types.
!
A source code patch exists which remedies this problem.
*************** *** 269,275 ****
nat/rdr ... inet6 proto { tcp udp icmp6 } ...! A source code patch exists which remedies this problem.
--- 269,275 ----
nat/rdr ... inet6 proto { tcp udp icmp6 } ...! A source code patch exists which remedies this problem.
***************
*** 287,293 ****
OpenSSL security advisory, but note that the other issue described there "Incorrect Error
Checking During CMS verification" relates to code not enabled in OpenBSD.
!
A source code patch exists which remedies this problem.
--- 287,293 ----
OpenSSL security advisory, but note that the other issue described there "Incorrect Error
Checking During CMS verification" relates to code not enabled in OpenBSD.
!
A source code patch exists which remedies this problem.