www/errata47.html - diff - 1.47

Return to errata47.html CVS log

Up to [local] / www

Diff for /www/errata47.html between version 1.46 and 1.47

version 1.46, 2016/08/15 02:22:06

version 1.47, 2016/10/16 19:11:30

Line 70

Line 70

<br>

<br>

<hr>

<hr>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7.tar.gz">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7.tar.gz">

You can also fetch a tar.gz file containing all the following patches</a>.

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

This file is updated once a day.

<p>

<p>

Line 94

Line 94

mips64el, vax). Other address types (bare addresses "10.1.1.1" and

mips64el, vax). Other address types (bare addresses "10.1.1.1" and

prefixes "10.1.1.1/30") are not affected.

prefixes "10.1.1.1/30") are not affected.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/013_pf.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/013_pf.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 112

Line 112

that nothing in the base OS uses this. Apache httpd started using this

that nothing in the base OS uses this. Apache httpd started using this

in v2.3.3; this is newer than the version in ports.

in v2.3.3; this is newer than the version in ports.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/012_openssl.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/012_openssl.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 123

Line 123

leading to routing socket users that restrict the AF (such as ospfd)

leading to routing socket users that restrict the AF (such as ospfd)

not seeing any of the RTM_DELETE messages.

not seeing any of the RTM_DELETE messages.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/011_rtsock.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/011_rtsock.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 139

Line 139

<a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>).

<a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>).

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 151

Line 151

handler may allow userland to modify kernel memory. By default root

handler may allow userland to modify kernel memory. By default root

privileges are needed to add or modify pf rules.

privileges are needed to add or modify pf rules.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/009_pf.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/009_pf.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 163

Line 163

and use OpenSSL's internal caching mechanism. Servers that are multi-process

and use OpenSSL's internal caching mechanism. Servers that are multi-process

and/or disable internal session caching are not affected.

and/or disable internal session caching are not affected.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/008_openssl.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/008_openssl.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 173

Line 173

Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br>

Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br>

Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.

Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/007_scsi.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/007_scsi.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 182

Line 182

  <i>All architectures</i><br>

  <i>All architectures</i><br>

Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.

Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/006_scsi.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/006_scsi.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 191

Line 191

  <i>All architectures</i><br>

  <i>All architectures</i><br>

Incorrectly initialized state updates can cause pfsync update storms.

Incorrectly initialized state updates can cause pfsync update storms.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/005_pfsync.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/005_pfsync.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 199

Line 199

<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font>

<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font>

  <i>All architectures</i><br>

  <i>All architectures</i><br>

The combination of pfsync and IPSEC may crash the kernel.<br>

The combination of pfsync and IPSEC may crash the kernel.<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/004_pfsync.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/004_pfsync.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 209

Line 209

In TLS connections, certain incorrectly formatted records can cause

In TLS connections, certain incorrectly formatted records can cause

an OpenSSL client or server to crash due to a read attempt at NULL.

an OpenSSL client or server to crash due to a read attempt at NULL.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/003_openssl.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/003_openssl.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 224

Line 224

leading to a denial of service when a resource limit is apparently

leading to a denial of service when a resource limit is apparently

reached.

reached.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>

Line 235

Line 235

paranoid enough in checking for underruns, which could potentially

paranoid enough in checking for underruns, which could potentially

lead to crashes.

lead to crashes.

<br>

<br>

<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/001_kerberos.patch">

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/001_kerberos.patch">

A source code patch exists which remedies this problem.</a>

A source code patch exists which remedies this problem.</a>

<p>

<p>