Return to errata54.html CVS log | Up to [local] / www |
version 1.49, 2016/08/15 02:22:06 | version 1.50, 2016/10/16 19:11:30 | ||
---|---|---|---|
|
|
||
<br> | <br> | ||
<hr> | <hr> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4.tar.gz"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4.tar.gz"> | ||
You can also fetch a tar.gz file containing all the following patches</a>. | You can also fetch a tar.gz file containing all the following patches</a>. | ||
This file is updated once a day. | This file is updated once a day. | ||
<p> | <p> | ||
|
|
||
interface destruction. | interface destruction. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/001_pflow.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/001_pflow.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
A memory corruption vulnerability exists in the post-authentication sshd process | A memory corruption vulnerability exists in the post-authentication sshd process | ||
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is | when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is | ||
selected during kex exchange. | selected during kex exchange. | ||
Review the <a href="http://www.openssh.com/txt/gcmrekey.adv">gcmrekey advisory</a> | Review the <a href="https://www.openssh.com/txt/gcmrekey.adv">gcmrekey advisory</a> | ||
for a mitigation. | for a mitigation. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/002_sshgcm.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/002_sshgcm.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
An unprivileged user may hang the system. | An unprivileged user may hang the system. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/003_vnode.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/003_vnode.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
configurations by using a specially crafted request. | configurations by using a specially crafted request. | ||
This issue was assigned CVE-2013-4547. | This issue was assigned CVE-2013-4547. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/004_nginx.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/004_nginx.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
the application. The i386, amd64, vax and m68k platforms aren't | the application. The i386, amd64, vax and m68k platforms aren't | ||
affected. | affected. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/005_sha512.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/005_sha512.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
a buffer on the stack in the X server. | a buffer on the stack in the X server. | ||
This issue was assigned CVE-2013-6462. | This issue was assigned CVE-2013-6462. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/006_libXfont.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/006_libXfont.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS | Missing bounds checking in OpenSSL's implementation of the TLS/DTLS | ||
heartbeat extension (RFC6520) which can result in a leak of memory contents. | heartbeat extension (RFC6520) which can result in a leak of memory contents. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/007_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/007_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
A use-after-free race condition in OpenSSL's read buffer may permit an attacker | A use-after-free race condition in OpenSSL's read buffer may permit an attacker | ||
to inject data from one connection into another. | to inject data from one connection into another. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
An attacker can trigger generation of an SSL alert which could cause | An attacker can trigger generation of an SSL alert which could cause | ||
a null pointer dereference. | a null pointer dereference. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/009_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/009_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
</ul> | </ul> | ||
Please see <a href="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">the advisory</a> for more information. | Please see <a href="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">the advisory</a> for more information. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/010_libXfont.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/010_libXfont.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
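Review bot: The advisory link in this hunk (http://lists.x.org/archives/xorg-announce/2014-May/002431.html) is still http:// on both sides, while the 010_libXfont.patch link two lines below it moves to https://. That leaves the advisory as the one plaintext link in an entry that otherwise points at HTTPS. If the change is meant to cover only ftp.openbsd.org and www.openssh.com URLs, say so in the commit message; otherwise check whether lists.x.org serves this archive over HTTPS and convert the link in the same pass.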
|
|
||
This could enable local users to interfere with an open SMTP connection. | This could enable local users to interfere with an open SMTP connection. | ||
This issue was assigned CVE-2014-3956. | This issue was assigned CVE-2014-3956. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/011_sendmail.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/011_sendmail.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
This patch contains a number of SSL library fixes. | This patch contains a number of SSL library fixes. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/012_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/012_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
and | and | ||
<a href="http://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a>. | <a href="http://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a>. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/013_dhcp.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/013_dhcp.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
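Review bot: The dhcpd(8) manual link in the context line of this hunk stays at http://man.openbsd.org/?query=dhcpd&sektion=8 in version 1.50, while only the 013_dhcp.patch URL is switched to https://. This is another openbsd.org host referenced from the same erratum entry, so the scheme change looks incomplete here. Suggest converting the man.openbsd.org links together with the ftp.openbsd.org ones, or noting why they were left alone.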
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
This patch contains a number of SSL library fixes. | This patch contains a number of SSL library fixes. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/014_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/014_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
host confusion attacks in some configurations. | host confusion attacks in some configurations. | ||
This issue was assigned CVE-2014-3616. | This issue was assigned CVE-2014-3616. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/015_nginx.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/015_nginx.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of | Two remotely triggerable memory leaks in OpenSSL can lead to a denial of | ||
service in server applications. | service in server applications. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/016_openssl.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/016_openssl.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||
|
|
||
<i>All architectures</i><br> | <i>All architectures</i><br> | ||
Executable headers with an unaligned address will trigger a kernel panic. | Executable headers with an unaligned address will trigger a kernel panic. | ||
<br> | <br> | ||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/017_kernexec.patch"> | <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/017_kernexec.patch"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> | ||