version 1.49, 2017/03/28 04:04:52 |
version 1.50, 2017/03/28 06:41:18 |
|
|
<hr> |
<hr> |
|
|
<ul> |
<ul> |
<li id="013_pf"> |
<li id="p013_pf"> |
<font color="#009000"><strong>013: SECURITY FIX: February 16, 2011</strong></font> |
<font color="#009000"><strong>013: SECURITY FIX: February 16, 2011</strong></font> |
<i>Little-endian architectures</i><br> |
<i>Little-endian architectures</i><br> |
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were |
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="012_openssl"> |
<li id="p012_openssl"> |
<font color="#009000"><strong>012: SECURITY FIX: February 11, 2011</strong></font> |
<font color="#009000"><strong>012: SECURITY FIX: February 11, 2011</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
An incorrectly formatted ClientHello handshake message could cause |
An incorrectly formatted ClientHello handshake message could cause |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="011_rtsock"> |
<li id="p011_rtsock"> |
<font color="#009000"><strong>011: RELIABILITY FIX: January 13, 2011</strong></font> |
<font color="#009000"><strong>011: RELIABILITY FIX: January 13, 2011</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
sp_protocol in RTM_DELETE messages could contain garbage values |
sp_protocol in RTM_DELETE messages could contain garbage values |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="010_cbc"> |
<li id="p010_cbc"> |
<font color="#009000"><strong>010: RELIABILITY FIX: December 20, 2010</strong></font> |
<font color="#009000"><strong>010: RELIABILITY FIX: December 20, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Bring CBC oracle attack countermeasures to hardware crypto accelerator land. |
Bring CBC oracle attack countermeasures to hardware crypto accelerator land. |
This fixes aes-ni, via xcrypt and various drivers |
This fixes aes-ni, via xcrypt and various drivers |
(<a href="http://man.openbsd.org/?query=glxsb&arch=i386&sektion=4">glxsb(4)</a>, |
(<a href="http://man.openbsd.org/OpenBSD-4.7/glxsb.4">glxsb(4)</a>, |
<a href="http://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a>, |
<a href="http://man.openbsd.org/OpenBSD-4.7/hifn.4">hifn(4)</a>, |
<a href="http://man.openbsd.org/?query=safe&sektion=4">safe(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.7/safe.4">safe(4)</a> |
and |
and |
<a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>). |
<a href="http://man.openbsd.org/OpenBSD-4.7/ubsec.4">ubsec(4)</a>). |
|
|
<br> |
<br> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch"> |
|
|
<p> |
<p> |
|
|
|
|
<li id="009_pf"> |
<li id="p009_pf"> |
<font color="#009000"><strong>009: SECURITY FIX: December 17, 2010</strong></font> |
<font color="#009000"><strong>009: SECURITY FIX: December 17, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Insufficent initialization of the pf rule structure in the ioctl |
Insufficent initialization of the pf rule structure in the ioctl |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="008_openssl"> |
<li id="p008_openssl"> |
<font color="#009000"><strong>008: RELIABILITY FIX: November 17, 2010</strong></font> |
<font color="#009000"><strong>008: RELIABILITY FIX: November 17, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to |
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="007_scsi"> |
<li id="p007_scsi"> |
<font color="#009000"><strong>007: RELIABILITY FIX: September 14, 2010</strong></font> |
<font color="#009000"><strong>007: RELIABILITY FIX: September 14, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br> |
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="006_scsi"> |
<li id="p006_scsi"> |
<font color="#009000"><strong>006: RELIABILITY FIX: July 8, 2010</strong></font> |
<font color="#009000"><strong>006: RELIABILITY FIX: July 8, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives. |
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="005_pfsync"> |
<li id="p005_pfsync"> |
<font color="#009000"><strong>005: RELIABILITY FIX: May 14, 2010</strong></font> |
<font color="#009000"><strong>005: RELIABILITY FIX: May 14, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Incorrectly initialized state updates can cause pfsync update storms. |
Incorrectly initialized state updates can cause pfsync update storms. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="004_pfsync"> |
<li id="p004_pfsync"> |
<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font> |
<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The combination of pfsync and IPSEC may crash the kernel.<br> |
The combination of pfsync and IPSEC may crash the kernel.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="003_openssl"> |
<li id="p003_openssl"> |
<font color="#009000"><strong>003: SECURITY FIX: April 14, 2010</strong></font> |
<font color="#009000"><strong>003: SECURITY FIX: April 14, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
In TLS connections, certain incorrectly formatted records can cause |
In TLS connections, certain incorrectly formatted records can cause |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="002_mpi"> |
<li id="p002_mpi"> |
<font color="#009000"><strong>002: RELIABILITY FIX: April 4, 2010</strong></font> |
<font color="#009000"><strong>002: RELIABILITY FIX: April 4, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
When updating sensors showing the state of RAID volumes |
When updating sensors showing the state of RAID volumes |
<a href="http://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.7/mpi.4">mpi(4)</a> |
allocates temporary memory and then returns it to the kernel as |
allocates temporary memory and then returns it to the kernel as |
device memory. |
device memory. |
This causes kernel memory usage to be misrepresented, eventually |
This causes kernel memory usage to be misrepresented, eventually |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="001_kerberos"> |
<li id="p001_kerberos"> |
<font color="#009000"><strong>001: RELIABILITY FIX: March 31, 2010</strong></font> |
<font color="#009000"><strong>001: RELIABILITY FIX: March 31, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
When decrypting packets, the internal decryption functions were not |
When decrypting packets, the internal decryption functions were not |