| version 1.6, 2011/01/13 16:36:58 |
version 1.7, 2011/02/16 20:37:28 |
|
|
| <a name="zaurus"></a> |
<a name="zaurus"></a> |
| |
|
| <ul> |
<ul> |
| |
<li><a name="010_sis"></a> |
| |
<font color="#009000"><strong>010: RELIABILITY FIX: February 16, 2011</strong></font> <i>All architectures</i><br> |
| |
The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> |
| |
driver may hand over stale ring descriptors to the hardware if the compiler decides |
| |
to re-order stores or if the hardware does store-reordering. |
| |
<br> |
| |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/010_sis.patch"> |
| |
A source code patch exists which remedies this problem</a>.<br> |
| |
<p> |
| |
|
| |
<li><a name="009_pf"></a> |
| |
<font color="#009000"><strong>009: SECURITY FIX: February 16, 2011</strong></font> <i>Little-endian |
| |
architectures</i><br> |
| |
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were |
| |
not correctly handled on little-endian systems (alpha, amd64, arm, i386, |
| |
mips64el, vax). Other address types (bare addresses "10.1.1.1" and |
| |
prefixes "10.1.1.1/30") are not affected. |
| |
<br> |
| |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/009_pf.patch"> |
| |
A source code patch exists which remedies this problem</a>.<br> |
| |
<p> |
| |
|
| |
<li><a name="008_openssl"></a> |
| |
<font color="#009000"><strong>008: SECURITY FIX: February 11, 2011</strong></font> <i>All architectures</i><br> |
| |
An incorrectly formatted ClientHello handshake message could cause |
| |
OpenSSL to parse past the end of the message. An attacker could use this flaw |
| |
to trigger an invalid memory access, causing a crash of an application linked |
| |
to OpenSSL. As well, certain applications may expose the contents of parsed |
| |
OCSP extensions, specifically the OCSP nonce extension. |
| |
<p> |
| |
Applications are only affected if they act as a server and call |
| |
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed |
| |
that nothing in the base OS uses this. Apache httpd started using this |
| |
in v2.3.3; this is newer than the version in ports. |
| |
<br> |
| |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/008_openssl.patch"> |
| |
A source code patch exists which remedies this problem</a>.<br> |
| |
<p> |
| |
|
| <li><a name="007_rtsock"></a> |
<li><a name="007_rtsock"></a> |
| <font color="#009000"><strong>007: RELIABILITY FIX: January 13, 2011</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>007: RELIABILITY FIX: January 13, 2011</strong></font> <i>All architectures</i><br> |
| sp_protocol in RTM_DELETE messages could contain garbage values |
sp_protocol in RTM_DELETE messages could contain garbage values |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata48.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www