===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata54.html,v
retrieving revision 1.52
retrieving revision 1.53
diff -c -r1.52 -r1.53
*** www/errata54.html 2017/03/28 04:04:52 1.52
--- www/errata54.html 2017/03/28 06:41:18 1.53
***************
*** 83,93 ****
! -
001: RELIABILITY FIX: Nov 7, 2013
All architectures
A crash can happen on
! pflow(4)
interface destruction.
--- 83,93 ----
! -
001: RELIABILITY FIX: Nov 7, 2013
All architectures
A crash can happen on
! pflow(4)
interface destruction.
***************
*** 95,101 ****
A source code patch exists which remedies this problem.
!
-
002: SECURITY FIX: Nov 7, 2013
All architectures
A memory corruption vulnerability exists in the post-authentication sshd process
--- 95,101 ----
A source code patch exists which remedies this problem.
!
-
002: SECURITY FIX: Nov 7, 2013
All architectures
A memory corruption vulnerability exists in the post-authentication sshd process
***************
*** 109,115 ****
A source code patch exists which remedies this problem.
!
-
003: RELIABILITY FIX: Nov 11, 2013
All architectures
An unprivileged user may hang the system.
--- 109,115 ----
A source code patch exists which remedies this problem.
!
-
003: RELIABILITY FIX: Nov 11, 2013
All architectures
An unprivileged user may hang the system.
***************
*** 119,129 ****
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: Nov 21, 2013
All architectures
A problem exists in
! nginx(8)
which might allow an attacker to bypass security restrictions in certain
configurations by using a specially crafted request.
This issue was assigned CVE-2013-4547.
--- 119,129 ----
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: Nov 21, 2013
All architectures
A problem exists in
! nginx(8)
which might allow an attacker to bypass security restrictions in certain
configurations by using a specially crafted request.
This issue was assigned CVE-2013-4547.
***************
*** 132,138 ****
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: Dec 19, 2013
Strict alignment architectures
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of
--- 132,138 ----
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: Dec 19, 2013
Strict alignment architectures
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of
***************
*** 143,149 ****
A source code patch exists which remedies this problem.
!
-
006: SECURITY FIX: Jan 10, 2014
All architectures
A BDF font file containing a longer than expected string could overflow
--- 143,149 ----
A source code patch exists which remedies this problem.
!
-
006: SECURITY FIX: Jan 10, 2014
All architectures
A BDF font file containing a longer than expected string could overflow
***************
*** 154,160 ****
A source code patch exists which remedies this problem.
!
-
007: SECURITY FIX: April 8, 2014
All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
--- 154,160 ----
A source code patch exists which remedies this problem.
!
-
007: SECURITY FIX: April 8, 2014
All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
***************
*** 164,170 ****
A source code patch exists which remedies this problem.
!
-
008: SECURITY FIX: April 12, 2014
All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
--- 164,170 ----
A source code patch exists which remedies this problem.
!
-
008: SECURITY FIX: April 12, 2014
All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
***************
*** 174,180 ****
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: May 1, 2014
All architectures
An attacker can trigger generation of an SSL alert which could cause
--- 174,180 ----
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: May 1, 2014
All architectures
An attacker can trigger generation of an SSL alert which could cause
***************
*** 184,190 ****
A source code patch exists which remedies this problem.
!
-
010: SECURITY FIX: May 24, 2014
All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
--- 184,190 ----
A source code patch exists which remedies this problem.
!
-
010: SECURITY FIX: May 24, 2014
All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
***************
*** 199,205 ****
A source code patch exists which remedies this problem.
!
-
011: SECURITY FIX: June 5, 2014
All architectures
Sendmail was not properly closing file descriptions before executing programs.
--- 199,205 ----
A source code patch exists which remedies this problem.
!
-
011: SECURITY FIX: June 5, 2014
All architectures
Sendmail was not properly closing file descriptions before executing programs.
***************
*** 210,216 ****
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: June 6, 2014
All architectures
This patch contains a number of SSL library fixes.
--- 210,216 ----
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: June 6, 2014
All architectures
This patch contains a number of SSL library fixes.
***************
*** 219,237 ****
A source code patch exists which remedies this problem.
!
-
013: RELIABILITY FIX: July 30, 2014
All architectures
Packets with illegal DHCP options can lead to memory exhaustion of
! dhclient(8)
and
! dhcpd(8).
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: August 9, 2014
All architectures
This patch contains a number of SSL library fixes.
--- 219,237 ----
A source code patch exists which remedies this problem.
!
-
013: RELIABILITY FIX: July 30, 2014
All architectures
Packets with illegal DHCP options can lead to memory exhaustion of
! dhclient(8)
and
! dhcpd(8).
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: August 9, 2014
All architectures
This patch contains a number of SSL library fixes.
***************
*** 240,246 ****
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
--- 240,246 ----
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
***************
*** 251,257 ****
A source code patch exists which remedies this problem.
!
-
016: RELIABILITY FIX: October 20, 2014
All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
--- 251,257 ----
A source code patch exists which remedies this problem.
!
-
016: RELIABILITY FIX: October 20, 2014
All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
***************
*** 261,267 ****
A source code patch exists which remedies this problem.
!
-
017: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
--- 261,267 ----
A source code patch exists which remedies this problem.
!
-
017: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.