===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata46.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- www/errata46.html 2014/03/31 03:12:47 1.28
+++ www/errata46.html 2014/03/31 16:02:48 1.29
@@ -77,7 +77,8 @@
-
-012: RELIABILITY FIX: May 14, 2010 All architectures
+012: RELIABILITY FIX: May 14, 2010
+ All architectures
Insufficient protection of the trunk interface queues may cause
LACP trunks to fail under load.
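Review bot: the added "All architectures" line in the 012 entry is split from the date only by a newline and one leading space, and HTML collapses that to a single space when rendered. If the split is meant to change how the heading displays, it needs explicit markup between the date and the architecture. If it is only a source-layout change, the log message should say so, since the same edit is repeated by hand for every entry in this file.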
@@ -86,7 +87,8 @@
-
-011: RELIABILITY FIX: May 14, 2010 All architectures
+011: RELIABILITY FIX: May 14, 2010
+ All architectures
Incorrectly initialized state updates can cause pfsync update storms.
@@ -94,7 +96,8 @@
-
-010: SECURITY FIX: April 14, 2010 All architectures
+010: SECURITY FIX: April 14, 2010
+ All architectures
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
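Review bot: the 010 SECURITY FIX description carries no advisory identifier, while the 004 and 001 entries in this same file cite theirs (CVE-2009-3555, CVE-2009-0696). Since the entry heading is being touched anyway, consider adding the identifier here if one was assigned, so readers can match the erratum to the upstream OpenSSL advisory.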
@@ -103,7 +106,8 @@
-
-009: RELIABILITY FIX: April 4, 2010 All architectures
+009: RELIABILITY FIX: April 4, 2010
+ All architectures
When updating sensors showing the state of RAID volumes
mpi(4)
allocates temporary memory and then returns it to the kernel as
@@ -117,7 +121,8 @@
-
-008: RELIABILITY FIX: March 31, 2010 All architectures
+008: RELIABILITY FIX: March 31, 2010
+ All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
lead to crashes.
@@ -127,7 +132,8 @@
-
-007: RELIABILITY FIX: March 12, 2010 All architectures
+007: RELIABILITY FIX: March 12, 2010
+ All architectures
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
@@ -136,7 +142,8 @@
-
-006: SECURITY FIX: March 12, 2010 All architectures
+006: SECURITY FIX: March 12, 2010
+ All architectures
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
@@ -145,7 +152,8 @@
-
-005: RELIABILITY FIX: January 29, 2010 All architectures
+005: RELIABILITY FIX: January 29, 2010
+ All architectures
By using ptrace(2) on an ancestor process, a loop in the process tree
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
@@ -155,7 +163,8 @@
-
-004: SECURITY FIX: November 26, 2009 All architectures
+004: SECURITY FIX: November 26, 2009
+ All architectures
The SSL/TLS protocol is subject to man-in-the-middle attacks related to
renegotiation (see CVE-2009-3555, draft-ietf-tls-renegotiation-00).
OpenSSL permitted this protocol feature by default and had no way to
@@ -166,7 +175,8 @@
-
-003: RELIABILITY FIX: October 28, 2009 All architectures
+003: RELIABILITY FIX: October 28, 2009
+ All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
@@ -175,7 +185,8 @@
-
-002: RELIABILITY FIX: October 05, 2009 i386 only
+002: RELIABILITY FIX: October 05, 2009
+ i386 only
XMM exceptions are not correctly handled resulting in a kernel panic.
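Review bot: the date on the rewritten 002 heading keeps the zero-padded day ("October 05, 2009"), whereas the 009 entry writes "April 4, 2010". As the line is already being changed, normalise it to "October 5, 2009" so the date format is consistent across entries. The description line below it would also read better with a comma after "handled".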
@@ -183,7 +194,8 @@
-
-001: RELIABILITY FIX: July 29, 2009 All architectures
+001: RELIABILITY FIX: July 29, 2009
+ All architectures
A vulnerability has been found in BIND's named server
(CVE-2009-0696).
An attacker could crash a server with a specially crafted dynamic update message to a