===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata47.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -c -r1.49 -r1.50
*** www/errata47.html 2017/03/28 04:04:52 1.49
--- www/errata47.html 2017/03/28 06:41:18 1.50
***************
*** 82,88 ****
! -
013: SECURITY FIX: February 16, 2011
Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
--- 82,88 ----
! -
013: SECURITY FIX: February 16, 2011
Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
***************
*** 94,100 ****
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: February 11, 2011
All architectures
An incorrectly formatted ClientHello handshake message could cause
--- 94,100 ----
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: February 11, 2011
All architectures
An incorrectly formatted ClientHello handshake message could cause
***************
*** 112,118 ****
A source code patch exists which remedies this problem.
!
-
011: RELIABILITY FIX: January 13, 2011
All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
--- 112,118 ----
A source code patch exists which remedies this problem.
!
-
011: RELIABILITY FIX: January 13, 2011
All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
***************
*** 123,138 ****
A source code patch exists which remedies this problem.
!
-
010: RELIABILITY FIX: December 20, 2010
All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
! (glxsb(4),
! hifn(4),
! safe(4)
and
! ubsec(4)).
--- 123,138 ----
A source code patch exists which remedies this problem.
!
-
010: RELIABILITY FIX: December 20, 2010
All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
! (glxsb(4),
! hifn(4),
! safe(4)
and
! ubsec(4)).
***************
*** 140,146 ****
!
-
009: SECURITY FIX: December 17, 2010
All architectures
Insufficent initialization of the pf rule structure in the ioctl
--- 140,146 ----
!
-
009: SECURITY FIX: December 17, 2010
All architectures
Insufficent initialization of the pf rule structure in the ioctl
***************
*** 151,157 ****
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 17, 2010
All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
--- 151,157 ----
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 17, 2010
All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
***************
*** 163,169 ****
A source code patch exists which remedies this problem.
!
-
007: RELIABILITY FIX: September 14, 2010
All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
--- 163,169 ----
A source code patch exists which remedies this problem.
!
-
007: RELIABILITY FIX: September 14, 2010
All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
***************
*** 173,179 ****
A source code patch exists which remedies this problem.
!
-
006: RELIABILITY FIX: July 8, 2010
All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
--- 173,179 ----
A source code patch exists which remedies this problem.
!
-
006: RELIABILITY FIX: July 8, 2010
All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
***************
*** 182,188 ****
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: May 14, 2010
All architectures
Incorrectly initialized state updates can cause pfsync update storms.
--- 182,188 ----
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: May 14, 2010
All architectures
Incorrectly initialized state updates can cause pfsync update storms.
***************
*** 191,197 ****
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: April 23, 2010
All architectures
The combination of pfsync and IPSEC may crash the kernel.
--- 191,197 ----
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: April 23, 2010
All architectures
The combination of pfsync and IPSEC may crash the kernel.
***************
*** 199,205 ****
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: April 14, 2010
All architectures
In TLS connections, certain incorrectly formatted records can cause
--- 199,205 ----
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: April 14, 2010
All architectures
In TLS connections, certain incorrectly formatted records can cause
***************
*** 209,219 ****
A source code patch exists which remedies this problem.
!
-
002: RELIABILITY FIX: April 4, 2010
All architectures
When updating sensors showing the state of RAID volumes
! mpi(4)
allocates temporary memory and then returns it to the kernel as
device memory.
This causes kernel memory usage to be misrepresented, eventually
--- 209,219 ----
A source code patch exists which remedies this problem.
!
-
002: RELIABILITY FIX: April 4, 2010
All architectures
When updating sensors showing the state of RAID volumes
! mpi(4)
allocates temporary memory and then returns it to the kernel as
device memory.
This causes kernel memory usage to be misrepresented, eventually
***************
*** 224,230 ****
A source code patch exists which remedies this problem.
!
-
001: RELIABILITY FIX: March 31, 2010
All architectures
When decrypting packets, the internal decryption functions were not
--- 224,230 ----
A source code patch exists which remedies this problem.
!
-
001: RELIABILITY FIX: March 31, 2010
All architectures
When decrypting packets, the internal decryption functions were not