===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.50
retrieving revision 1.51
diff -c -r1.50 -r1.51
*** www/errata56.html 2017/03/28 04:04:52 1.50
--- www/errata56.html 2017/03/28 06:41:18 1.51
***************
*** 71,77 ****
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
! signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
--- 71,77 ----
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
! signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
***************
*** 85,91 ****
! -
001: RELIABILITY FIX: September 5, 2014
All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
--- 85,91 ----
! -
001: RELIABILITY FIX: September 5, 2014
All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
***************
*** 94,100 ****
A source code patch exists which remedies this problem.
!
-
002: RELIABILITY FIX: October 1, 2014
All architectures
If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,
--- 94,100 ----
A source code patch exists which remedies this problem.
!
-
002: RELIABILITY FIX: October 1, 2014
All architectures
If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,
***************
*** 108,114 ****
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
--- 108,114 ----
A source code patch exists which remedies this problem.
!
-
003: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
***************
*** 119,125 ****
A source code patch exists which remedies this problem.
!
-
004: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
--- 119,125 ----
A source code patch exists which remedies this problem.
!
-
004: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
***************
*** 128,141 ****
A source code patch exists which remedies this problem.
!
-
005: SECURITY FIX: October 20, 2014
All architectures
This patch disables the SSLv3 protocol by default.
Applications depending on SSLv3 may need to be recompiled with
SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);
but we recommend against the continued use of this obsolete protocol.
--- 128,143 ----
A source code patch exists which remedies this problem.
!
-
005: SECURITY FIX: October 20, 2014
All architectures
This patch disables the SSLv3 protocol by default.
Applications depending on SSLv3 may need to be recompiled with
+
SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);
+
but we recommend against the continued use of this obsolete protocol.
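Review bot: the call set off on its own lines in entry 005 is spelled `SSL_CTX_clear_option`, but the libssl interface is `SSL_CTX_clear_options` (plural), so code copied from this entry will not build. Since this revision already touches the surrounding lines, correct the name in the same commit: `SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);`. The two `+` lines carry no visible text in this rendering, so also confirm that the added wrapper opens and closes around exactly that one line.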
***************
*** 143,149 ****
A source code patch exists which remedies this problem.
!
-
006: RELIABILITY FIX: November 17, 2014
All architectures
Certain http requests can crash relayd.
--- 145,151 ----
A source code patch exists which remedies this problem.
!
-
006: RELIABILITY FIX: November 17, 2014
All architectures
Certain http requests can crash relayd.
***************
*** 152,158 ****
A source code patch exists which remedies this problem.
!
-
007: RELIABILITY FIX: November 17, 2014
All architectures
A PF rule using an IPv4 address
--- 154,160 ----
A source code patch exists which remedies this problem.
!
-
007: RELIABILITY FIX: November 17, 2014
All architectures
A PF rule using an IPv4 address
***************
*** 164,170 ****
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 17, 2014
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
--- 166,172 ----
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 17, 2014
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
***************
*** 173,179 ****
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: November 18, 2014
All architectures
httpd was developed very rapidly in the weeks before 5.6 release, and
--- 175,181 ----
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: November 18, 2014
All architectures
httpd was developed very rapidly in the weeks before 5.6 release, and
***************
*** 191,197 ****
to use cvs to get the latest httpd sources if interested.
!
-
010: RELIABILITY FIX: December 5, 2014
All architectures
Several bugs were fixed that allowed a crash from remote when an active pipex
--- 193,199 ----
to use cvs to get the latest httpd sources if interested.
!
-
010: RELIABILITY FIX: December 5, 2014
All architectures
Several bugs were fixed that allowed a crash from remote when an active pipex
***************
*** 201,207 ****
A source code patch exists which remedies this problem.
!
-
011: RELIABILITY FIX: December 5, 2014
All architectures
An incorrect memcpy call would result in corrupted MAC addresses when
--- 203,209 ----
A source code patch exists which remedies this problem.
!
-
011: RELIABILITY FIX: December 5, 2014
All architectures
An incorrect memcpy call would result in corrupted MAC addresses when
***************
*** 211,217 ****
A source code patch exists which remedies this problem.
!
-
012: RELIABILITY FIX: December 9, 2014
All architectures
Fix a denial of service where a malicious authority could make the resolver chase an
--- 213,219 ----
A source code patch exists which remedies this problem.
!
-
012: RELIABILITY FIX: December 9, 2014
All architectures
Fix a denial of service where a malicious authority could make the resolver chase an
***************
*** 221,227 ****
A source code patch exists which remedies this problem.
!
-
013: RELIABILITY FIX: December 9, 2014
All architectures
Missing memory barriers in virtio(4) can lead to hangs with virtio devices,
--- 223,229 ----
A source code patch exists which remedies this problem.
!
-
013: RELIABILITY FIX: December 9, 2014
All architectures
Missing memory barriers in virtio(4) can lead to hangs with virtio devices,
***************
*** 231,237 ****
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: December 9, 2014
All architectures
One year after Ilja van Sprundel discovered and reported a large number
--- 233,239 ----
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: December 9, 2014
All architectures
One year after Ilja van Sprundel discovered and reported a large number
***************
*** 244,250 ****
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: January 13, 2015
All architectures
Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
--- 246,252 ----
A source code patch exists which remedies this problem.
!
-
015: SECURITY FIX: January 13, 2015
All architectures
Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
***************
*** 257,263 ****
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: March 3, 2015
All architectures
Information leak in the XkbSetGeometry request of X servers.
--- 259,265 ----
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: March 3, 2015
All architectures
Information leak in the XkbSetGeometry request of X servers.
***************
*** 269,275 ****
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: March 13, 2015
All architectures
Don't permit TLS client connections to be downgraded to weak keys.
--- 271,277 ----
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: March 13, 2015
All architectures
Don't permit TLS client connections to be downgraded to weak keys.
***************
*** 278,284 ****
A source code patch exists which remedies this problem.
!
-
018: SECURITY FIX: March 13, 2015
All architectures
Another fix for buffer overflows in malformed fonts.
--- 280,286 ----
A source code patch exists which remedies this problem.
!
-
018: SECURITY FIX: March 13, 2015
All architectures
Another fix for buffer overflows in malformed fonts.
***************
*** 287,293 ****
A source code patch exists which remedies this problem.
!
-
019: SECURITY FIX: March 18, 2015
All architectures
Buffer overflows in libXfont
--- 289,295 ----
A source code patch exists which remedies this problem.
!
-
019: SECURITY FIX: March 18, 2015
All architectures
Buffer overflows in libXfont
***************
*** 300,306 ****
Note that the instructions should read cd /usr/xenocara/lib/libXfont
.
!
-
020: SECURITY FIX: March 19, 2015
All architectures
Fix several crash causing defects from OpenSSL.
--- 302,308 ----
Note that the instructions should read cd /usr/xenocara/lib/libXfont
.
!
-
020: SECURITY FIX: March 19, 2015
All architectures
Fix several crash causing defects from OpenSSL.
***************
*** 319,325 ****
A source code patch exists which remedies this problem.
!
-
021: RELIABILITY FIX: April 17, 2015
All architectures
Fix a logic error in smtpd handling of SNI.
--- 321,327 ----
A source code patch exists which remedies this problem.
!
-
021: RELIABILITY FIX: April 17, 2015
All architectures
Fix a logic error in smtpd handling of SNI.
***************
*** 329,335 ****
A source code patch exists which remedies this problem.
!
-
022: RELIABILITY FIX: April 30, 2015
All architectures
A remote user can crash httpd by forcing the daemon to log to a file
--- 331,337 ----
A source code patch exists which remedies this problem.
!
-
022: RELIABILITY FIX: April 30, 2015
All architectures
A remote user can crash httpd by forcing the daemon to log to a file
***************
*** 339,345 ****
A source code patch exists which remedies this problem.
!
-
023: SECURITY FIX: April 30, 2015
All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
--- 341,347 ----
A source code patch exists which remedies this problem.
!
-
023: SECURITY FIX: April 30, 2015
All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
***************
*** 348,354 ****
A source code patch exists which remedies this problem.
!
-
024: SECURITY FIX: April 30, 2015
All architectures
Multiple issues in tar/pax/cpio:
--- 350,356 ----
A source code patch exists which remedies this problem.
!
-
024: SECURITY FIX: April 30, 2015
All architectures
Multiple issues in tar/pax/cpio:
***************
*** 363,369 ****
A source code patch exists which remedies this problem.
!
-
025: RELIABILITY FIX: June 11, 2015
All architectures
Fix multiple reliability issues in smtpd:
--- 365,371 ----
A source code patch exists which remedies this problem.
!
-
025: RELIABILITY FIX: June 11, 2015
All architectures
Fix multiple reliability issues in smtpd:
***************
*** 375,381 ****
A source code patch exists which remedies this problem.
!
-
026: SECURITY FIX: June 11, 2015
All architectures
Fix several defects from OpenSSL:
--- 377,383 ----
A source code patch exists which remedies this problem.
!
-
026: SECURITY FIX: June 11, 2015
All architectures
Fix several defects from OpenSSL:
***************
*** 393,399 ****
A source code patch exists which remedies this problem.
!
-
027: SECURITY FIX: July 14, 2015
All architectures
A TCP socket can become confused and not properly cleanup resources.
--- 395,401 ----
A source code patch exists which remedies this problem.
!
-
027: SECURITY FIX: July 14, 2015
All architectures
A TCP socket can become confused and not properly cleanup resources.
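Review bot: the 027 description reads "not properly cleanup resources", which uses the noun where the verb is needed; it should be "clean up". The entry's markup is being edited in this hunk anyway, so the wording can be fixed in the same pass.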
***************
*** 402,408 ****
A source code patch exists which remedies this problem.
!
-
028: RELIABILITY FIX: July 26, 2015
All architectures
A kernel memory leak could be triggered by an unprivileged user in
--- 404,410 ----
A source code patch exists which remedies this problem.
!
-
028: RELIABILITY FIX: July 26, 2015
All architectures
A kernel memory leak could be triggered by an unprivileged user in
***************
*** 412,418 ****
A source code patch exists which remedies this problem.
!
-
029: SECURITY FIX: July 26, 2015
All architectures
The patch utility could be made to invoke arbitrary commands via
--- 414,420 ----
A source code patch exists which remedies this problem.
!
-
029: SECURITY FIX: July 26, 2015
All architectures
The patch utility could be made to invoke arbitrary commands via
***************
*** 423,429 ****
A source code patch exists which remedies this problem.
!
-
030: SECURITY FIX: July 30, 2015
All architectures
The patch utility could become desyncronized processing ed(1)-style diffs.
--- 425,431 ----
A source code patch exists which remedies this problem.
!
-
030: SECURITY FIX: July 30, 2015
All architectures
The patch utility could become desyncronized processing ed(1)-style diffs.
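Review bot: "desyncronized" in the 030 description is misspelled and should read "desynchronized". The same sentence would also read better as "desynchronized when processing ed(1)-style diffs"; both can go in with this markup change.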
***************
*** 432,438 ****
A source code patch exists which remedies this problem.
!
-
031: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
--- 434,440 ----
A source code patch exists which remedies this problem.
!
-
031: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
***************
*** 451,457 ****
A source code patch exists which remedies this problem.
!
-
032: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
--- 453,459 ----
A source code patch exists which remedies this problem.
!
-
032: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
***************
*** 460,466 ****
A source code patch exists which remedies this problem.
!
-
033: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
--- 462,468 ----
A source code patch exists which remedies this problem.
!
-
033: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun