www/errata53.html - diff

Return to errata53.html CVS log

Up to [local] / www

Diff for /www/errata53.html between version 1.23 and 1.24

version 1.23, 2014/03/31 03:12:47

version 1.24, 2014/03/31 16:02:48

Line 77

<ul>

001: RELIABILITY FIX: March 15, 2013   All architectures

001: RELIABILITY FIX: March 15, 2013

All architectures

A rare condition during session startup may cause bgpd to replace

an active session leading to unknown consequences. Bug found by

inspection (we do not know how to reproduce it, consider that a challenge).

Line 88

Line 89

002: RELIABILITY FIX: May 5, 2013   All architectures

002: RELIABILITY FIX: May 5, 2013

All architectures

A flaw exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4"

>vr(4)</a> driver that may cause it to not recover from some error conditions.

Line 98

Line 100

003: RELIABILITY FIX: May 17, 2013   All architectures

003: RELIABILITY FIX: May 17, 2013

All architectures

A problem exists in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a>

if proxy_pass is used with untrusted HTTP backend servers.

Line 112

Line 115

004: RELIABILITY FIX: May 17, 2013   All architectures

004: RELIABILITY FIX: May 17, 2013

All architectures

As discovered by Peter Philipp, it is possible for an unprivileged user

process to trigger deleting the undeletable RNF_ROOT route, resulting in

a kernel panic.

Line 123

Line 127

005: RELIABILITY FIX: May 31, 2013   All architectures

005: RELIABILITY FIX: May 31, 2013

All architectures

A local denial of service is possible by an unprivileged user if the

SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a specially

crafted parameter.

Line 133

Line 138

006: RELIABILITY FIX: June 12, 2013   All architectures

006: RELIABILITY FIX: June 12, 2013

All architectures

A denial of services was discovered where certain combinations of

TFTP options could cause OACK generation to fail, which in turn

caused a double free in tftpd.

Line 143

Line 149

007: RELIABILITY FIX: June 12, 2013   All architectures

007: RELIABILITY FIX: June 12, 2013

All architectures

Two flaws in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vio&sektion=4">vio(4)</a>

driver may cause a kernel panic, and may cause IPv6 neighbour discovery to fail

due to multicast receive problems.

Line 152

Line 159

008: RELIABILITY FIX: Nov 7, 2013   All architectures

008: RELIABILITY FIX: Nov 7, 2013

All architectures

A crash can happen on pflow(4) interface destruction.

Line 161

Line 169

009: SECURITY FIX: Nov 7, 2013   All architectures

009: SECURITY FIX: Nov 7, 2013

All architectures

A memory corruption vulnerability exists in the post-authentication sshd process

when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is

selected during kex exchange.

Line 175

Line 184

010: RELIABILITY FIX: Nov 11, 2013   All architectures

010: RELIABILITY FIX: Nov 11, 2013

All architectures

An unprivileged user may hang the system.

Line 184

Line 194

011: SECURITY FIX: Nov 21, 2013   All architectures

011: SECURITY FIX: Nov 21, 2013

All architectures

A problem exists in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a>

which might allow an attacker to bypass security restrictions in certain

Line 196

Line 207

012: RELIABILITY FIX: Dec 19, 2013   Strict alignment architectures

012: RELIABILITY FIX: Dec 19, 2013

Strict alignment architectures

In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of

the application. The i386, amd64, vax and m68k platforms aren't

affected.

Line 206

Line 218

013: SECURITY FIX: Jan 10, 2014   All architectures

013: SECURITY FIX: Jan 10, 2014

All architectures

A BDF font file containing a longer than expected string could overflow

a buffer on the stack in the X server.

This issue was assigned CVE-2013-6462.