www/errata55.html - diff

Return to errata55.html CVS log

Up to [local] / www

Diff for /www/errata55.html between version 1.58 and 1.59

version 1.58, 2019/04/02 12:46:57

version 1.59, 2019/05/27 22:55:20

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 5.5 Errata</title>

</head>

<!--

IMPORTANT REMINDER

Line 15

Line 14

-->

<h2>

OpenBSD</a>

OpenBSD</a>

5.5 Errata

5.5 Errata

</h2>

<hr>

Line 91

Line 89

<ul>

001: RELIABILITY FIX: March 15, 2014

001: RELIABILITY FIX: March 15, 2014

All architectures

Memory corruption happens during

ICMP reflection handling. ICMP reflection is disabled by default.

Line 101

Line 99

002: SECURITY FIX: April 8, 2014

002: SECURITY FIX: April 8, 2014

All architectures

Missing bounds checking in OpenSSL's implementation of the TLS/DTLS

heartbeat extension (RFC6520) which can result in a leak of memory contents.

Line 111

Line 109

003: SECURITY FIX: April 9, 2014

003: SECURITY FIX: April 9, 2014

All architectures

Missing hostname check for HTTPS connections in the

Line 122

Line 120

004: SECURITY FIX: April 12, 2014

004: SECURITY FIX: April 12, 2014

All architectures

A use-after-free race condition in OpenSSL's read buffer may permit an attacker

to inject data from one connection into another.

Line 132

Line 130

005: RELIABILITY FIX: May 1, 2014

005: RELIABILITY FIX: May 1, 2014

All architectures

An attacker can trigger generation of an SSL alert which could cause

a null pointer dereference.

Line 142

Line 140

006: SECURITY FIX: May 24, 2014

006: SECURITY FIX: May 24, 2014

All architectures with X server

X Font Service Protocol & Font metadata file handling issues in libXfont

<ul>

Line 157

Line 155

007: SECURITY FIX: June 5, 2014

007: SECURITY FIX: June 5, 2014

All architectures

Sendmail was not properly closing file descriptions before executing programs.

This could enable local users to interfere with an open SMTP connection.

Line 168

Line 166

008: SECURITY FIX: June 6, 2014

008: SECURITY FIX: June 6, 2014

All architectures

This patch contains a number of SSL library fixes.

Line 177

Line 175

009: RELIABILITY FIX: July 30, 2014

009: RELIABILITY FIX: July 30, 2014

All architectures

Packets with illegal DHCP options can lead to memory exhaustion of

<a href="https://man.openbsd.org/OpenBSD-5.5/dhclient.8">dhclient(8)</a>

Line 189

Line 187

010: SECURITY FIX: August 9, 2014

010: SECURITY FIX: August 9, 2014

All architectures

This patch contains a number of SSL library fixes.

Line 198

Line 196

011: SECURITY FIX: October 1, 2014

011: SECURITY FIX: October 1, 2014

All architectures

nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual

host confusion attacks in some configurations.

Line 209

Line 207

012: RELIABILITY FIX: October 20, 2014

012: RELIABILITY FIX: October 20, 2014

All architectures

Two remotely triggerable memory leaks in OpenSSL can lead to a denial of

service in server applications.

Line 219

Line 217

013: RELIABILITY FIX: October 20, 2014

013: RELIABILITY FIX: October 20, 2014

All architectures

Executable headers with an unaligned address will trigger a kernel panic.

Line 228

Line 226

014: RELIABILITY FIX: November 17, 2014

014: RELIABILITY FIX: November 17, 2014

All architectures

A PF rule using an IPv4 address

followed by an IPv6 address and then a dynamic address, e.g. "pass

Line 240

Line 238

015: RELIABILITY FIX: November 17, 2014

015: RELIABILITY FIX: November 17, 2014

All architectures

Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.

Line 249

Line 247

016: RELIABILITY FIX: December 5, 2014

016: RELIABILITY FIX: December 5, 2014

All architectures

Several bugs were fixed that allowed a crash from remote when an active pipex

session exists.

Line 259

Line 257

017: RELIABILITY FIX: December 5, 2014

017: RELIABILITY FIX: December 5, 2014

All architectures

An incorrect memcpy call would result in corrupted MAC addresses when

using PPPOE.

Line 269

Line 267

018: RELIABILITY FIX: December 9, 2014

018: RELIABILITY FIX: December 9, 2014

All architectures

Several bugs in virtio(4) can lead to hangs with virtio devices,

like vio(4) and vioblk(4).

Line 279

Line 277

019: SECURITY FIX: December 9, 2014

019: SECURITY FIX: December 9, 2014

All architectures

One year after Ilja van Sprundel discovered and reported a large number

of issues in the way the X server code base handles requests from X clients,

Line 292

Line 290

020: SECURITY FIX: January 13, 2015

020: SECURITY FIX: January 13, 2015

All architectures

Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD

base uses it for the programs: cu tmux ftp-proxy httpd ldapd relayd

Line 305

Line 303

021: SECURITY FIX: March 3, 2015

021: SECURITY FIX: March 3, 2015

All architectures

Information leak in the XkbSetGeometry request of X servers.

Line 317

Line 315

022: SECURITY FIX: March 13, 2015

022: SECURITY FIX: March 13, 2015

All architectures

Another fix for buffer overflows in malformed fonts.

Line 326

Line 324

023: SECURITY FIX: March 18, 2015

023: SECURITY FIX: March 18, 2015

All architectures

Buffer overflows in libXfont

Line 339

Line 337

024: SECURITY FIX: March 19, 2015

024: SECURITY FIX: March 19, 2015

All architectures

Fix two possible crash causing defects.

CVE-2015-0286 - Apply fix from OpenSSL for ASN1_TYPE_cmp.

Line 354

Line 352

025: RELIABILITY FIX: April 17, 2015

025: RELIABILITY FIX: April 17, 2015

All architectures

Fix a logic error in smtpd handling of SNI.

This could allow a remote user to crash the server or provoke a disconnect of other sessions.

Line 366

Line 364

</ul>

<hr>

</body>

</html>