=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata47.html,v retrieving revision 1.56 retrieving revision 1.57 diff -c -r1.56 -r1.57 *** www/errata47.html 2019/05/27 22:55:20 1.56 --- www/errata47.html 2019/05/28 16:32:42 1.57 *************** *** 84,167 ****

! 013: SECURITY FIX: February 16, 2011 ! Little-endian architectures
! PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were ! not correctly handled on little-endian systems (alpha, amd64, arm, i386, ! mips64el, vax). Other address types (bare addresses "10.1.1.1" and ! prefixes "10.1.1.1/30") are not affected.
! A source code patch exists which remedies this problem.
!
! 012: SECURITY FIX: February 11, 2011 All architectures
! An incorrectly formatted ClientHello handshake message could cause ! OpenSSL to parse past the end of the message. An attacker could use this flaw ! to trigger an invalid memory access, causing a crash of an application linked ! to OpenSSL. As well, certain applications may expose the contents of parsed ! OCSP extensions, specifically the OCSP nonce extension. !
! Applications are only affected if they act as a server and call ! SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed ! that nothing in the base OS uses this. Apache httpd started using this ! in v2.3.3; this is newer than the version in ports.
! A source code patch exists which remedies this problem.
!
! 011: RELIABILITY FIX: January 13, 2011 All architectures
! sp_protocol in RTM_DELETE messages could contain garbage values ! leading to routing socket users that restrict the AF (such as ospfd) ! not seeing any of the RTM_DELETE messages.
! A source code patch exists which remedies this problem.
!
! 010: RELIABILITY FIX: December 20, 2010 All architectures
! Bring CBC oracle attack countermeasures to hardware crypto accelerator land. ! This fixes aes-ni, via xcrypt and various drivers ! (glxsb(4), ! hifn(4), ! safe(4) ! and ! ubsec(4)). ! !
! A source code patch exists which remedies this problem.
! !
! 009: SECURITY FIX: December 17, 2010 All architectures
! Insufficent initialization of the pf rule structure in the ioctl ! handler may allow userland to modify kernel memory. By default root ! privileges are needed to add or modify pf rules.
! A source code patch exists which remedies this problem.
!
! 008: RELIABILITY FIX: November 17, 2010 All architectures
! Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to ! a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded ! and use OpenSSL's internal caching mechanism. Servers that are multi-process ! and/or disable internal session caching are not affected.
! A source code patch exists which remedies this problem.
--- 84,149 ----
- ! 001: RELIABILITY FIX: March 31, 2010 ! All architectures
  ! When decrypting packets, the internal decryption functions were not ! paranoid enough in checking for underruns, which could potentially ! lead to crashes.
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: April 4, 2010 All architectures
  ! When updating sensors showing the state of RAID volumes ! mpi(4) ! allocates temporary memory and then returns it to the kernel as ! device memory. ! This causes kernel memory usage to be misrepresented, eventually ! leading to a denial of service when a resource limit is apparently ! reached.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: SECURITY FIX: April 14, 2010 All architectures
  ! In TLS connections, certain incorrectly formatted records can cause ! an OpenSSL client or server to crash due to a read attempt at NULL.
  ! A source code patch exists which remedies this problem.
  !
- ! 004: SECURITY FIX: April 23, 2010 All architectures
  ! The combination of pfsync and IPSEC may crash the kernel.
  ! A source code patch exists which remedies this problem.
  !
- ! 005: RELIABILITY FIX: May 14, 2010 All architectures
  ! Incorrectly initialized state updates can cause pfsync update storms.
  ! A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: July 8, 2010 All architectures
  ! Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
  ! A source code patch exists which remedies this problem.
  *************** *** 175,239 **** A source code patch exists which remedies this problem.
  !
- ! 006: RELIABILITY FIX: July 8, 2010 All architectures
  ! Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
  ! A source code patch exists which remedies this problem.
  !
- ! 005: RELIABILITY FIX: May 14, 2010 All architectures
  ! Incorrectly initialized state updates can cause pfsync update storms.
  ! A source code patch exists which remedies this problem.
  !
- ! 004: SECURITY FIX: April 23, 2010 All architectures
  ! The combination of pfsync and IPSEC may crash the kernel.
  ! A source code patch exists which remedies this problem.
  !
- ! 003: SECURITY FIX: April 14, 2010 All architectures
  ! In TLS connections, certain incorrectly formatted records can cause ! an OpenSSL client or server to crash due to a read attempt at NULL.
  ! A source code patch exists which remedies this problem.
  !
- ! 002: RELIABILITY FIX: April 4, 2010 All architectures
  ! When updating sensors showing the state of RAID volumes ! mpi(4) ! allocates temporary memory and then returns it to the kernel as ! device memory. ! This causes kernel memory usage to be misrepresented, eventually ! leading to a denial of service when a resource limit is apparently ! reached.
  ! A source code patch exists which remedies this problem.
  !
- ! 001: RELIABILITY FIX: March 31, 2010 ! All architectures
  ! When decrypting packets, the internal decryption functions were not ! paranoid enough in checking for underruns, which could potentially ! lead to crashes.
  ! A source code patch exists which remedies this problem.
  --- 157,238 ---- A source code patch exists which remedies this problem.
  !
- ! 008: RELIABILITY FIX: November 17, 2010 All architectures
  ! Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to ! a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded ! and use OpenSSL's internal caching mechanism. Servers that are multi-process ! and/or disable internal session caching are not affected.
  ! A source code patch exists which remedies this problem.
  !
- ! 009: SECURITY FIX: December 17, 2010 All architectures
  ! Insufficent initialization of the pf rule structure in the ioctl ! handler may allow userland to modify kernel memory. By default root ! privileges are needed to add or modify pf rules.
  ! A source code patch exists which remedies this problem.
  !
- ! 010: RELIABILITY FIX: December 20, 2010 All architectures
  ! Bring CBC oracle attack countermeasures to hardware crypto accelerator land. ! This fixes aes-ni, via xcrypt and various drivers ! (glxsb(4), ! hifn(4), ! safe(4) ! and ! ubsec(4)). !
  ! A source code patch exists which remedies this problem.
  !
- ! 011: RELIABILITY FIX: January 13, 2011 All architectures
  ! sp_protocol in RTM_DELETE messages could contain garbage values ! leading to routing socket users that restrict the AF (such as ospfd) ! not seeing any of the RTM_DELETE messages.
  ! A source code patch exists which remedies this problem.
  !
- ! 012: SECURITY FIX: February 11, 2011 All architectures
  ! An incorrectly formatted ClientHello handshake message could cause ! OpenSSL to parse past the end of the message. An attacker could use this flaw ! to trigger an invalid memory access, causing a crash of an application linked ! to OpenSSL. As well, certain applications may expose the contents of parsed ! OCSP extensions, specifically the OCSP nonce extension. !
  ! Applications are only affected if they act as a server and call ! SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed ! that nothing in the base OS uses this. Apache httpd started using this ! in v2.3.3; this is newer than the version in ports.
  ! A source code patch exists which remedies this problem.
  !
- ! 013: SECURITY FIX: February 16, 2011 ! Little-endian architectures
  ! PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were ! not correctly handled on little-endian systems (alpha, amd64, arm, i386, ! mips64el, vax). Other address types (bare addresses "10.1.1.1" and ! prefixes "10.1.1.1/30") are not affected.
  ! A source code patch exists which remedies this problem.