=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata54.html,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- www/errata54.html 2016/08/15 02:22:06 1.49 +++ www/errata54.html 2016/10/16 19:11:30 1.50 @@ -70,7 +70,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -94,7 +94,7 @@ interface destruction.
- + A source code patch exists which remedies this problem.

@@ -104,11 +104,11 @@ A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange. -Review the gcmrekey advisory +Review the gcmrekey advisory for a mitigation.
- + A source code patch exists which remedies this problem.

@@ -118,7 +118,7 @@ An unprivileged user may hang the system.
- + A source code patch exists which remedies this problem.

@@ -131,7 +131,7 @@ configurations by using a specially crafted request. This issue was assigned CVE-2013-4547.
- + A source code patch exists which remedies this problem.

@@ -142,7 +142,7 @@ the application. The i386, amd64, vax and m68k platforms aren't affected.
- + A source code patch exists which remedies this problem.

@@ -153,7 +153,7 @@ a buffer on the stack in the X server. This issue was assigned CVE-2013-6462.
- + A source code patch exists which remedies this problem.

@@ -163,7 +163,7 @@ Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents.
- + A source code patch exists which remedies this problem.

@@ -173,7 +173,7 @@ A use-after-free race condition in OpenSSL's read buffer may permit an attacker to inject data from one connection into another.
- + A source code patch exists which remedies this problem.

@@ -183,7 +183,7 @@ An attacker can trigger generation of an SSL alert which could cause a null pointer dereference.
- + A source code patch exists which remedies this problem.

@@ -198,7 +198,7 @@ Please see the advisory for more information.
- + A source code patch exists which remedies this problem.

@@ -209,7 +209,7 @@ This could enable local users to interfere with an open SMTP connection. This issue was assigned CVE-2014-3956.
- + A source code patch exists which remedies this problem.

@@ -218,7 +218,7 @@   All architectures
This patch contains a number of SSL library fixes.
- + A source code patch exists which remedies this problem.

@@ -230,7 +230,7 @@ and dhcpd(8).
- + A source code patch exists which remedies this problem.

@@ -239,7 +239,7 @@   All architectures
This patch contains a number of SSL library fixes.
- + A source code patch exists which remedies this problem.

@@ -250,7 +250,7 @@ host confusion attacks in some configurations. This issue was assigned CVE-2014-3616.
- + A source code patch exists which remedies this problem.

@@ -260,7 +260,7 @@ Two remotely triggerable memory leaks in OpenSSL can lead to a denial of service in server applications.
- + A source code patch exists which remedies this problem.

@@ -269,7 +269,7 @@   All architectures
Executable headers with an unaligned address will trigger a kernel panic.
- + A source code patch exists which remedies this problem.