=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** www/errata56.html 2016/08/15 02:22:06 1.47 --- www/errata56.html 2016/10/16 19:11:30 1.48 *************** *** 70,76 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 70,76 ----


! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.
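Review bot: the changed line in this hunk, "You can also fetch a tar.gz file containing all the following patches", offers a bundle that is regenerated once a day but does not say how a reader confirms the bundle is authentic. If the page does not cover verification close to this sentence, add a short pointer here, since the file changes daily and a reader cannot simply compare it with an earlier download.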

*************** *** 92,98 ****   All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
! A source code patch exists which remedies this problem.

--- 92,98 ----   All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
! A source code patch exists which remedies this problem.
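Review bot: the `!` line here reads "A source code patch exists which remedies this problem." in both the old and the new half, character for character, and the same holds for the hunks that follow, so what actually changed cannot be read from the text of the diff as shown. State the change (which attribute or link target was edited) in the commit log so the repeated one-line hunks can be audited without opening both revisions of the file.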

*************** *** 106,112 ****

  # ifconfig em0 -autoconfprivacy
  
! A source code patch exists which remedies this problem.

--- 106,112 ----

  # ifconfig em0 -autoconfprivacy
  
! A source code patch exists which remedies this problem.

*************** *** 117,123 **** host confusion attacks in some configurations. This issue was assigned CVE-2014-3616.
! A source code patch exists which remedies this problem.

--- 117,123 ---- host confusion attacks in some configurations. This issue was assigned CVE-2014-3616.
! A source code patch exists which remedies this problem.

*************** *** 126,132 ****   All architectures
Executable headers with an unaligned address will trigger a kernel panic.
! A source code patch exists which remedies this problem.

--- 126,132 ----   All architectures
Executable headers with an unaligned address will trigger a kernel panic.
! A source code patch exists which remedies this problem.

*************** *** 141,147 **** but we recommend against the continued use of this obsolete protocol.

! A source code patch exists which remedies this problem.

--- 141,147 ---- but we recommend against the continued use of this obsolete protocol.

! A source code patch exists which remedies this problem.

*************** *** 150,156 ****   All architectures
Certain http requests can crash relayd.
! A source code patch exists which remedies this problem.

--- 150,156 ----   All architectures
Certain http requests can crash relayd.
! A source code patch exists which remedies this problem.

*************** *** 162,168 **** from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 mask applied to the dynamic address.
! A source code patch exists which remedies this problem.

--- 162,168 ---- from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 mask applied to the dynamic address.
! A source code patch exists which remedies this problem.

*************** *** 171,177 ****   All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
! A source code patch exists which remedies this problem.

--- 171,177 ----   All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
! A source code patch exists which remedies this problem.

*************** *** 184,190 **** want to use it. Therefore here is a "jumbo" patch that brings in the most important fixes.
! A source code patch exists which remedies this problem.
Unfortunately the source tree found on the CD set contains a slightly different --- 184,190 ---- want to use it. Therefore here is a "jumbo" patch that brings in the most important fixes.
! A source code patch exists which remedies this problem.
Unfortunately the source tree found on the CD set contains a slightly different *************** *** 199,205 **** Several bugs were fixed that allowed a crash from remote when an active pipex session exists.
! A source code patch exists which remedies this problem.

--- 199,205 ---- Several bugs were fixed that allowed a crash from remote when an active pipex session exists.
! A source code patch exists which remedies this problem.

*************** *** 209,215 **** An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.
! A source code patch exists which remedies this problem.

--- 209,215 ---- An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.
! A source code patch exists which remedies this problem.

*************** *** 219,225 **** Fix a denial of service where a malicious authority could make the resolver chase an endless series of delegations. (CVE-2014-8602)
! A source code patch exists which remedies this problem.

--- 219,225 ---- Fix a denial of service where a malicious authority could make the resolver chase an endless series of delegations. (CVE-2014-8602)
! A source code patch exists which remedies this problem.

*************** *** 229,235 **** Missing memory barriers in virtio(4) can lead to hangs with virtio devices, like vio(4) and vioblk(4).
! A source code patch exists which remedies this problem.

--- 229,235 ---- Missing memory barriers in virtio(4) can lead to hangs with virtio devices, like vio(4) and vioblk(4).
! A source code patch exists which remedies this problem.

*************** *** 242,248 ****
X Advisory
! A source code patch exists which remedies this problem.

--- 242,248 ----
X Advisory
! A source code patch exists which remedies this problem.

*************** *** 255,261 ****
Libevent Advisory
! A source code patch exists which remedies this problem.

--- 255,261 ----
Libevent Advisory
! A source code patch exists which remedies this problem.

*************** *** 267,273 **** For more information, see the X.org advisory.
! A source code patch exists which remedies this problem.

--- 267,273 ---- For more information, see the X.org advisory.
! A source code patch exists which remedies this problem.

*************** *** 276,282 ****   All architectures
Don't permit TLS client connections to be downgraded to weak keys.
! A source code patch exists which remedies this problem.

--- 276,282 ----   All architectures
Don't permit TLS client connections to be downgraded to weak keys.
! A source code patch exists which remedies this problem.

*************** *** 285,291 ****   All architectures
Another fix for buffer overflows in malformed fonts.
! A source code patch exists which remedies this problem.

--- 285,291 ----   All architectures
Another fix for buffer overflows in malformed fonts.
! A source code patch exists which remedies this problem.

*************** *** 297,303 **** For more information, see the X.org advisory.
! A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.

--- 297,303 ---- For more information, see the X.org advisory.
! A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.
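Review bot: the line after the changed one, "Note that the instructions should read cd /usr/xenocara/lib/libXfont.", corrects the patch's own instructions but sits after the link sentence, so a reader who follows the link meets the uncorrected instructions before seeing the fix. Since this entry is being edited anyway, consider moving the correction ahead of the link sentence or folding it into the same sentence.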

*************** *** 317,323 **** For more information, see the OpenSSL advisory.
! A source code patch exists which remedies this problem.

--- 317,323 ---- For more information, see the OpenSSL advisory.
! A source code patch exists which remedies this problem.

*************** *** 327,333 **** Fix a logic error in smtpd handling of SNI. This could allow a remote user to crash the server or provoke a disconnect of other sessions.
! A source code patch exists which remedies this problem.

--- 327,333 ---- Fix a logic error in smtpd handling of SNI. This could allow a remote user to crash the server or provoke a disconnect of other sessions.
! A source code patch exists which remedies this problem.

*************** *** 337,343 **** A remote user can crash httpd by forcing the daemon to log to a file before the logging system was initialized.
! A source code patch exists which remedies this problem.

--- 337,343 ---- A remote user can crash httpd by forcing the daemon to log to a file before the logging system was initialized.
! A source code patch exists which remedies this problem.

*************** *** 346,352 ****   All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
! A source code patch exists which remedies this problem.

--- 346,352 ----   All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
! A source code patch exists which remedies this problem.

*************** *** 361,367 ****

  • tar without -P would permit extraction of paths with ".." components
  • there was a buffer overflow in the handling of pax extension headers ! A source code patch exists which remedies this problem.

    --- 361,367 ----

  • tar without -P would permit extraction of paths with ".." components
  • there was a buffer overflow in the handling of pax extension headers ! A source code patch exists which remedies this problem.

    *************** *** 373,379 ****

  • a local user can cause smtpd to fail by writing an invalid imsg to control socket.
  • a local user can prevent smtpd from serving new requests by exhausting descriptors. ! A source code patch exists which remedies this problem.

    --- 373,379 ----

  • a local user can cause smtpd to fail by writing an invalid imsg to control socket.
  • a local user can prevent smtpd from serving new requests by exhausting descriptors. ! A source code patch exists which remedies this problem.

    *************** *** 391,397 **** For more information, see the OpenSSL advisory.
    ! A source code patch exists which remedies this problem.

    --- 391,397 ---- For more information, see the OpenSSL advisory.
    ! A source code patch exists which remedies this problem.

    *************** *** 400,406 ****   All architectures
    A TCP socket can become confused and not properly cleanup resources.
    ! A source code patch exists which remedies this problem.

    --- 400,406 ----   All architectures
    A TCP socket can become confused and not properly cleanup resources.
    ! A source code patch exists which remedies this problem.
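Review bot: style nit in the context line of this hunk: "not properly cleanup resources" uses the noun form as a verb and should read "not properly clean up resources". The entry is already being edited here, so the wording fix can go in the same pass.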

    *************** *** 410,416 **** A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
    ! A source code patch exists which remedies this problem.

    --- 410,416 ---- A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
    ! A source code patch exists which remedies this problem.

    *************** *** 421,427 **** the obsolete SCCS and RCS support when processing a crafted input file. This patch deletes the SCCS and RCS support.
    ! A source code patch exists which remedies this problem.

    --- 421,427 ---- the obsolete SCCS and RCS support when processing a crafted input file. This patch deletes the SCCS and RCS support.
    ! A source code patch exists which remedies this problem.

    *************** *** 430,436 ****   All architectures
    The patch utility could become desyncronized processing ed(1)-style diffs.
    ! A source code patch exists which remedies this problem.

    --- 430,436 ----   All architectures
    The patch utility could become desyncronized processing ed(1)-style diffs.
    ! A source code patch exists which remedies this problem.
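Review bot: the context line "The patch utility could become desyncronized processing ed(1)-style diffs." misspells "desynchronized", and "when processing" would read better than the bare participle. The entry is already being edited in this hunk, so the spelling fix can ride along.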

    *************** *** 449,455 ****

  • hardlink and symlink attacks allowed a local user to unset chflags or leak the first line of an arbitrary file. ! A source code patch exists which remedies this problem.

    --- 449,455 ----

  • hardlink and symlink attacks allowed a local user to unset chflags or leak the first line of an arbitrary file. ! A source code patch exists which remedies this problem.

    *************** *** 458,464 ****   All architectures
    A problem with timer kevents could result in a kernel hang (local denial of service).
    ! A source code patch exists which remedies this problem.

    --- 458,464 ----   All architectures
    A problem with timer kevents could result in a kernel hang (local denial of service).
    ! A source code patch exists which remedies this problem.

    *************** *** 467,473 ****   All architectures
    The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak, as reported by Qualys Security.
    ! A source code patch exists which remedies this problem.

    --- 467,473 ----   All architectures
    The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak, as reported by Qualys Security.
    ! A source code patch exists which remedies this problem.