===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata55.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -c -r1.49 -r1.50
*** www/errata55.html 2016/08/15 02:22:06 1.49
--- www/errata55.html 2016/10/16 19:11:30 1.50
***************
*** 71,77 ****
--- 71,77 ----
***************
*** 94,100 ****
Memory corruption happens during
ICMP reflection handling. ICMP reflection is disabled by default.
!
A source code patch exists which remedies this problem.
--- 94,100 ----
Memory corruption happens during
ICMP reflection handling. ICMP reflection is disabled by default.
!
A source code patch exists which remedies this problem.
***************
*** 104,110 ****
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
!
A source code patch exists which remedies this problem.
--- 104,110 ----
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
!
A source code patch exists which remedies this problem.
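Review bot: the heartbeat entry in the context lines of this hunk cites RFC6520 but gives no CVE identifier, while the entries at 161,167 and 202,208 close with "This issue was assigned CVE-...". Adding the same sentence here would let readers match this erratum against vendor advisories and scanner output without following the patch link.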
***************
*** 115,121 ****
ftp(1)
utility.
!
A source code patch exists which remedies this problem.
--- 115,121 ----
ftp(1)
utility.
!
A source code patch exists which remedies this problem.
***************
*** 125,131 ****
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
!
A source code patch exists which remedies this problem.
--- 125,131 ----
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
!
A source code patch exists which remedies this problem.
***************
*** 135,141 ****
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
!
A source code patch exists which remedies this problem.
--- 135,141 ----
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
!
A source code patch exists which remedies this problem.
***************
*** 150,156 ****
Please see the advisory for more information.
!
A source code patch exists which remedies this problem.
--- 150,156 ----
Please see the advisory for more information.
!
A source code patch exists which remedies this problem.
***************
*** 161,167 ****
This could enable local users to interfere with an open SMTP connection.
This issue was assigned CVE-2014-3956.
!
A source code patch exists which remedies this problem.
--- 161,167 ----
This could enable local users to interfere with an open SMTP connection.
This issue was assigned CVE-2014-3956.
!
A source code patch exists which remedies this problem.
***************
*** 170,176 ****
All architectures
This patch contains a number of SSL library fixes.
!
A source code patch exists which remedies this problem.
--- 170,176 ----
All architectures
This patch contains a number of SSL library fixes.
!
A source code patch exists which remedies this problem.
***************
*** 182,188 ****
and
dhcpd(8).
!
A source code patch exists which remedies this problem.
--- 182,188 ----
and
dhcpd(8).
!
A source code patch exists which remedies this problem.
***************
*** 191,197 ****
All architectures
This patch contains a number of SSL library fixes.
!
A source code patch exists which remedies this problem.
--- 191,197 ----
All architectures
This patch contains a number of SSL library fixes.
!
A source code patch exists which remedies this problem.
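Review bot: the description in this hunk, "This patch contains a number of SSL library fixes.", is word for word the same as the one in the 170,176 hunk, so the two errata cannot be told apart from the page text. Each entry should say which issues its patch covers, or at least point to the relevant advisory, so an administrator can confirm that both patches are needed.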
***************
*** 202,208 ****
host confusion attacks in some configurations.
This issue was assigned CVE-2014-3616.
!
A source code patch exists which remedies this problem.
--- 202,208 ----
host confusion attacks in some configurations.
This issue was assigned CVE-2014-3616.
!
A source code patch exists which remedies this problem.
***************
*** 212,218 ****
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
!
A source code patch exists which remedies this problem.
--- 212,218 ----
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
!
A source code patch exists which remedies this problem.
***************
*** 221,227 ****
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
!
A source code patch exists which remedies this problem.
--- 221,227 ----
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
!
A source code patch exists which remedies this problem.
***************
*** 233,239 ****
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32
mask applied to the dynamic address.
!
A source code patch exists which remedies this problem.
--- 233,239 ----
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32
mask applied to the dynamic address.
!
A source code patch exists which remedies this problem.
***************
*** 242,248 ****
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
!
A source code patch exists which remedies this problem.
--- 242,248 ----
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
!
A source code patch exists which remedies this problem.
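Review bot: "could cause a NULL deref" in the gethostbyname(3) entry uses an abbreviation where the entry at 135,141 writes "a null pointer dereference", and it leaves the consequence unstated. Suggest spelling it out the same way and saying what the reader should expect, for example that the calling program crashes.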
***************
*** 252,258 ****
Several bugs were fixed that allowed a crash from remote when an active pipex
session exists.
!
A source code patch exists which remedies this problem.
--- 252,258 ----
Several bugs were fixed that allowed a crash from remote when an active pipex
session exists.
!
A source code patch exists which remedies this problem.
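Review bot: "allowed a crash from remote" in the pipex entry is awkward and does not say what crashes. Suggest wording such as "allowed a remote attacker to crash ..." with the affected component named, so the severity is clear to someone deciding whether a host with active pipex sessions needs the patch right away.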
***************
*** 262,268 ****
An incorrect memcpy call would result in corrupted MAC addresses when
using PPPOE.
!
A source code patch exists which remedies this problem.
--- 262,268 ----
An incorrect memcpy call would result in corrupted MAC addresses when
using PPPOE.
!
A source code patch exists which remedies this problem.
***************
*** 272,278 ****
Several bugs in virtio(4) can lead to hangs with virtio devices,
like vio(4) and vioblk(4).
!
A source code patch exists which remedies this problem.
--- 272,278 ----
Several bugs in virtio(4) can lead to hangs with virtio devices,
like vio(4) and vioblk(4).
!
A source code patch exists which remedies this problem.
***************
*** 285,291 ****
X Advisory
!
A source code patch exists which remedies this problem.
--- 285,291 ----
X Advisory
!
A source code patch exists which remedies this problem.
***************
*** 298,304 ****
Libevent Advisory
!
A source code patch exists which remedies this problem.
--- 298,304 ----
Libevent Advisory
!
A source code patch exists which remedies this problem.
***************
*** 310,316 ****
For more information, see the
X.org advisory.
!
A source code patch exists which remedies this problem.
--- 310,316 ----
For more information, see the
X.org advisory.
!
A source code patch exists which remedies this problem.
***************
*** 319,325 ****
All architectures
Another fix for buffer overflows in malformed fonts.
!
A source code patch exists which remedies this problem.
--- 319,325 ----
All architectures
Another fix for buffer overflows in malformed fonts.
!
A source code patch exists which remedies this problem.
***************
*** 331,337 ****
For more information, see the
X.org advisory.
!
A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont
.
--- 331,337 ----
For more information, see the
X.org advisory.
!
A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont
.
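Review bot: the correction "Note that the instructions should read cd /usr/xenocara/lib/libXfont" comes after the sentence that sends the reader to the patch, so someone who follows the link first will meet the wrong instructions before seeing the fix. Consider moving the note ahead of "A source code patch exists which remedies this problem." or folding it into that sentence.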
***************
*** 346,352 ****
For more information, see the
OpenSSL advisory.
!
A source code patch exists which remedies this problem.
Note that instructions should read cd /usr/src/lib/libssl/crypto
.
--- 346,352 ----
For more information, see the
OpenSSL advisory.
!
A source code patch exists which remedies this problem.
Note that instructions should read cd /usr/src/lib/libssl/crypto
.
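Review bot: the correction here reads "Note that instructions should read cd /usr/src/lib/libssl/crypto" while the libXfont entry at 331,337 reads "Note that the instructions should read ...". The two notes serve the same purpose and should use the same wording, including the article.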
***************
*** 357,363 ****
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
!
A source code patch exists which remedies this problem.
--- 357,363 ----
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
!
A source code patch exists which remedies this problem.
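Review bot: "Fix a logic error in smtpd handling of SNI." is written in the imperative voice of a commit message, whereas the other entries on the page describe the defect itself. Suggest rephrasing as a problem statement, for example "A logic error in smtpd's handling of SNI could allow a remote user to crash the server or provoke a disconnect of other sessions."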