===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata47.html,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- www/errata47.html 2014/03/31 03:12:47 1.30
+++ www/errata47.html 2014/03/31 16:02:48 1.31
@@ -77,7 +77,8 @@
-
-013: SECURITY FIX: February 16, 2011 Little-endian architectures
+013: SECURITY FIX: February 16, 2011
+ Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
not correctly handled on little-endian systems (alpha, amd64, arm, i386,
mips64el, vax). Other address types (bare addresses "10.1.1.1" and
@@ -88,7 +89,8 @@
-
-012: SECURITY FIX: February 11, 2011 All architectures
+012: SECURITY FIX: February 11, 2011
+ All architectures
An incorrectly formatted ClientHello handshake message could cause
OpenSSL to parse past the end of the message. An attacker could use this flaw
to trigger an invalid memory access, causing a crash of an application linked
@@ -105,7 +107,8 @@
-
-011: RELIABILITY FIX: January 13, 2011 All architectures
+011: RELIABILITY FIX: January 13, 2011
+ All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
leading to routing socket users that restrict the AF (such as ospfd)
not seeing any of the RTM_DELETE messages.
@@ -115,7 +118,8 @@
-
-010: RELIABILITY FIX: December 20, 2010 All architectures
+010: RELIABILITY FIX: December 20, 2010
+ All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
(glxsb(4),
@@ -131,7 +135,8 @@
-
-009: SECURITY FIX: December 17, 2010 All architectures
+009: SECURITY FIX: December 17, 2010
+ All architectures
Insufficent initialization of the pf rule structure in the ioctl
handler may allow userland to modify kernel memory. By default root
privileges are needed to add or modify pf rules.
@@ -141,7 +146,8 @@
-
-008: RELIABILITY FIX: November 17, 2010 All architectures
+008: RELIABILITY FIX: November 17, 2010
+ All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded
and use OpenSSL's internal caching mechanism. Servers that are multi-process
@@ -152,7 +158,8 @@
-
-007: RELIABILITY FIX: September 14, 2010 All architectures
+007: RELIABILITY FIX: September 14, 2010
+ All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.
@@ -161,7 +168,8 @@
-
-006: RELIABILITY FIX: July 8, 2010 All architectures
+006: RELIABILITY FIX: July 8, 2010
+ All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
@@ -169,7 +177,8 @@
-
-005: RELIABILITY FIX: May 14, 2010 All architectures
+005: RELIABILITY FIX: May 14, 2010
+ All architectures
Incorrectly initialized state updates can cause pfsync update storms.
@@ -177,14 +186,16 @@
-
-004: SECURITY FIX: April 23, 2010 All architectures
+004: SECURITY FIX: April 23, 2010
+ All architectures
The combination of pfsync and IPSEC may crash the kernel.
A source code patch exists which remedies this problem.
-
-003: SECURITY FIX: April 14, 2010 All architectures
+003: SECURITY FIX: April 14, 2010
+ All architectures
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
@@ -193,7 +204,8 @@
-
-002: RELIABILITY FIX: April 4, 2010 All architectures
+002: RELIABILITY FIX: April 4, 2010
+ All architectures
When updating sensors showing the state of RAID volumes
mpi(4)
allocates temporary memory and then returns it to the kernel as
@@ -207,7 +219,8 @@
-
-001: RELIABILITY FIX: March 31, 2010 All architectures
+001: RELIABILITY FIX: March 31, 2010
+ All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
lead to crashes.