=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata54.html,v retrieving revision 1.52 retrieving revision 1.53 diff -c -r1.52 -r1.53 *** www/errata54.html 2017/03/28 04:04:52 1.52 --- www/errata54.html 2017/03/28 06:41:18 1.53 *************** *** 83,93 ****

001: RELIABILITY FIX: Nov 7, 2013 All architectures
A crash can happen on ! pflow(4) interface destruction.
--- 83,93 ----
- 001: RELIABILITY FIX: Nov 7, 2013 All architectures
  A crash can happen on ! pflow(4) interface destruction.
  *************** *** 95,101 **** A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: Nov 7, 2013 All architectures
  A memory corruption vulnerability exists in the post-authentication sshd process --- 95,101 ---- A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: Nov 7, 2013 All architectures
  A memory corruption vulnerability exists in the post-authentication sshd process *************** *** 109,115 **** A source code patch exists which remedies this problem.
  !
- 003: RELIABILITY FIX: Nov 11, 2013 All architectures
  An unprivileged user may hang the system. --- 109,115 ---- A source code patch exists which remedies this problem.
  !
- 003: RELIABILITY FIX: Nov 11, 2013 All architectures
  An unprivileged user may hang the system. *************** *** 119,129 **** A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: Nov 21, 2013 All architectures
  A problem exists in ! nginx(8) which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request. This issue was assigned CVE-2013-4547. --- 119,129 ---- A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: Nov 21, 2013 All architectures
  A problem exists in ! nginx(8) which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request. This issue was assigned CVE-2013-4547. *************** *** 132,138 **** A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: Dec 19, 2013 Strict alignment architectures
  In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of --- 132,138 ---- A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: Dec 19, 2013 Strict alignment architectures
  In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of *************** *** 143,149 **** A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: Jan 10, 2014 All architectures
  A BDF font file containing a longer than expected string could overflow --- 143,149 ---- A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: Jan 10, 2014 All architectures
  A BDF font file containing a longer than expected string could overflow *************** *** 154,160 **** A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS --- 154,160 ---- A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS *************** *** 164,170 **** A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker --- 164,170 ---- A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker *************** *** 174,180 **** A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause --- 174,180 ---- A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause *************** *** 184,190 **** A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont --- 184,190 ---- A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont *************** *** 199,205 **** A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. --- 199,205 ---- A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. *************** *** 210,216 **** A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 210,216 ---- A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 219,237 **** A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of ! dhclient(8) and ! dhcpd(8).
  A source code patch exists which remedies this problem.
  !
- 014: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 219,237 ---- A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of ! dhclient(8) and ! dhcpd(8).
  A source code patch exists which remedies this problem.
  !
- 014: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 240,246 **** A source code patch exists which remedies this problem.
  !
- 015: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual --- 240,246 ---- A source code patch exists which remedies this problem.
  !
- 015: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual *************** *** 251,257 **** A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of --- 251,257 ---- A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of *************** *** 261,267 **** A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic. --- 261,267 ---- A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic.