=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata55.html,v retrieving revision 1.52 retrieving revision 1.53 diff -c -r1.52 -r1.53 *** www/errata55.html 2017/03/28 04:04:52 1.52 --- www/errata55.html 2017/03/28 06:41:18 1.53 *************** *** 72,78 ****

Patches for the OpenBSD base system are distributed as unified diffs. Each patch is cryptographically signed with the ! signify(1) tool and contains usage instructions. All the following patches are also available in one tar.gz file --- 72,78 ----

001: RELIABILITY FIX: March 15, 2014 All architectures
Memory corruption happens during --- 86,92 ----
- 001: RELIABILITY FIX: March 15, 2014 All architectures
  Memory corruption happens during *************** *** 96,102 **** A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS --- 96,102 ---- A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS *************** *** 106,123 **** A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: April 9, 2014 All architectures
  Missing hostname check for HTTPS connections in the ! ftp(1) utility.
  A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker --- 106,123 ---- A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: April 9, 2014 All architectures
  Missing hostname check for HTTPS connections in the ! ftp(1) utility.
  A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker *************** *** 127,133 **** A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause --- 127,133 ---- A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause *************** *** 137,143 **** A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont --- 137,143 ---- A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont *************** *** 152,158 **** A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. --- 152,158 ---- A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. *************** *** 163,169 **** A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 163,169 ---- A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 172,190 **** A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of ! dhclient(8) and ! dhcpd(8).
  A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 172,190 ---- A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of ! dhclient(8) and ! dhcpd(8).
  A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 193,199 **** A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual --- 193,199 ---- A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual *************** *** 204,210 **** A source code patch exists which remedies this problem.
  !
- 012: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of --- 204,210 ---- A source code patch exists which remedies this problem.
  !
- 012: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of *************** *** 214,220 **** A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic. --- 214,220 ---- A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic. *************** *** 223,229 **** A source code patch exists which remedies this problem.
  !
- 014: RELIABILITY FIX: November 17, 2014 All architectures
  A PF rule using an IPv4 address --- 223,229 ---- A source code patch exists which remedies this problem.
  !
- 014: RELIABILITY FIX: November 17, 2014 All architectures
  A PF rule using an IPv4 address *************** *** 235,241 **** A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: November 17, 2014 All architectures
  Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. --- 235,241 ---- A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: November 17, 2014 All architectures
  Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. *************** *** 244,250 **** A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: December 5, 2014 All architectures
  Several bugs were fixed that allowed a crash from remote when an active pipex --- 244,250 ---- A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: December 5, 2014 All architectures
  Several bugs were fixed that allowed a crash from remote when an active pipex *************** *** 254,260 **** A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: December 5, 2014 All architectures
  An incorrect memcpy call would result in corrupted MAC addresses when --- 254,260 ---- A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: December 5, 2014 All architectures
  An incorrect memcpy call would result in corrupted MAC addresses when *************** *** 264,270 **** A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: December 9, 2014 All architectures
  Several bugs in virtio(4) can lead to hangs with virtio devices, --- 264,270 ---- A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: December 9, 2014 All architectures
  Several bugs in virtio(4) can lead to hangs with virtio devices, *************** *** 274,280 **** A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: December 9, 2014 All architectures
  One year after Ilja van Sprundel discovered and reported a large number --- 274,280 ---- A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: December 9, 2014 All architectures
  One year after Ilja van Sprundel discovered and reported a large number *************** *** 287,293 **** A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: January 13, 2015 All architectures
  Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD --- 287,293 ---- A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: January 13, 2015 All architectures
  Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD *************** *** 300,306 **** A source code patch exists which remedies this problem.
  !
- 021: SECURITY FIX: March 3, 2015 All architectures
  Information leak in the XkbSetGeometry request of X servers. --- 300,306 ---- A source code patch exists which remedies this problem.
  !
- 021: SECURITY FIX: March 3, 2015 All architectures
  Information leak in the XkbSetGeometry request of X servers. *************** *** 312,318 **** A source code patch exists which remedies this problem.
  !
- 022: SECURITY FIX: March 13, 2015 All architectures
  Another fix for buffer overflows in malformed fonts. --- 312,318 ---- A source code patch exists which remedies this problem.
  !
- 022: SECURITY FIX: March 13, 2015 All architectures
  Another fix for buffer overflows in malformed fonts. *************** *** 321,327 **** A source code patch exists which remedies this problem.
  !
- 023: SECURITY FIX: March 18, 2015 All architectures
  Buffer overflows in libXfont --- 321,327 ---- A source code patch exists which remedies this problem.
  !
- 023: SECURITY FIX: March 18, 2015 All architectures
  Buffer overflows in libXfont *************** *** 334,340 ****
  Note that the instructions should read cd /usr/xenocara/lib/libXfont.
  !
- 024: SECURITY FIX: March 19, 2015 All architectures
  Fix two possible crash causing defects.
  --- 334,340 ----
  Note that the instructions should read cd /usr/xenocara/lib/libXfont.
  !
- 024: SECURITY FIX: March 19, 2015 All architectures
  Fix two possible crash causing defects.
  *************** *** 349,355 ****
  Note that instructions should read cd /usr/src/lib/libssl/crypto.
  !
- 025: RELIABILITY FIX: April 17, 2015 All architectures
  Fix a logic error in smtpd handling of SNI. --- 349,355 ----
  Note that instructions should read cd /usr/src/lib/libssl/crypto.
  !
- 025: RELIABILITY FIX: April 17, 2015 All architectures
  Fix a logic error in smtpd handling of SNI.