www/errata56.html - diff

Return to errata56.html CVS log

Up to [local] / www

Diff for /www/errata56.html between version 1.50 and 1.51

version 1.50, 2017/03/28 04:04:52

version 1.51, 2017/03/28 06:41:18

Line 71

Patches for the OpenBSD base system are distributed as unified diffs.

Each patch is cryptographically signed with the

<a href="http://man.openbsd.org/signify">signify(1)</a> tool and contains

<a href="http://man.openbsd.org/OpenBSD-5.6/signify.1">signify(1)</a> tool and contains

usage instructions.

All the following patches are also available in one

Line 85

<ul>

001: RELIABILITY FIX: September 5, 2014

All architectures

Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).

Line 94

A source code patch exists which remedies this problem.</a>

002: RELIABILITY FIX: October 1, 2014

All architectures

If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,

Line 108

A source code patch exists which remedies this problem.</a>

003: SECURITY FIX: October 1, 2014

All architectures

nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual

Line 119

A source code patch exists which remedies this problem.</a>

004: RELIABILITY FIX: October 20, 2014

All architectures

Executable headers with an unaligned address will trigger a kernel panic.

Line 128

A source code patch exists which remedies this problem.</a>

005: SECURITY FIX: October 20, 2014

All architectures

This patch disables the SSLv3 protocol by default.

Applications depending on SSLv3 may need to be recompiled with

<pre> SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);</pre>

but we recommend against the continued use of this obsolete protocol.

Line 143

Line 145

A source code patch exists which remedies this problem.</a>

006: RELIABILITY FIX: November 17, 2014

All architectures

Certain http requests can crash relayd.

Line 152

Line 154

A source code patch exists which remedies this problem.</a>

007: RELIABILITY FIX: November 17, 2014

All architectures

A PF rule using an IPv4 address

Line 164

Line 166

A source code patch exists which remedies this problem.</a>

008: RELIABILITY FIX: November 17, 2014

All architectures

Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.

Line 173

Line 175

A source code patch exists which remedies this problem.</a>

009: RELIABILITY FIX: November 18, 2014

All architectures

httpd was developed very rapidly in the weeks before 5.6 release, and

Line 191

Line 193

to use cvs to get the latest httpd sources if interested.

010: RELIABILITY FIX: December 5, 2014

All architectures

Several bugs were fixed that allowed a crash from remote when an active pipex

Line 201

Line 203

A source code patch exists which remedies this problem.</a>

011: RELIABILITY FIX: December 5, 2014

All architectures

An incorrect memcpy call would result in corrupted MAC addresses when

Line 211

Line 213

A source code patch exists which remedies this problem.</a>

012: RELIABILITY FIX: December 9, 2014

All architectures

Fix a denial of service where a malicious authority could make the resolver chase an

Line 221

Line 223

A source code patch exists which remedies this problem.</a>

013: RELIABILITY FIX: December 9, 2014

All architectures

Missing memory barriers in virtio(4) can lead to hangs with virtio devices,

Line 231

Line 233

A source code patch exists which remedies this problem.</a>

014: SECURITY FIX: December 9, 2014

All architectures

One year after Ilja van Sprundel discovered and reported a large number

Line 244

Line 246

A source code patch exists which remedies this problem.</a>

015: SECURITY FIX: January 13, 2015

All architectures

Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD

Line 257

Line 259

A source code patch exists which remedies this problem.</a>

016: SECURITY FIX: March 3, 2015

All architectures

Information leak in the XkbSetGeometry request of X servers.

Line 269

Line 271

A source code patch exists which remedies this problem.</a>

017: SECURITY FIX: March 13, 2015

All architectures

Don't permit TLS client connections to be downgraded to weak keys.

Line 278

Line 280

A source code patch exists which remedies this problem.</a>

018: SECURITY FIX: March 13, 2015

All architectures

Another fix for buffer overflows in malformed fonts.

Line 287

Line 289

A source code patch exists which remedies this problem.</a>

019: SECURITY FIX: March 18, 2015

All architectures

Buffer overflows in libXfont

Line 300

Line 302

Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>.

020: SECURITY FIX: March 19, 2015

All architectures

Fix several crash causing defects from OpenSSL.

Line 319

Line 321

A source code patch exists which remedies this problem.</a>

021: RELIABILITY FIX: April 17, 2015

All architectures

Fix a logic error in smtpd handling of SNI.

Line 329

Line 331

A source code patch exists which remedies this problem.</a>

022: RELIABILITY FIX: April 30, 2015

All architectures

A remote user can crash httpd by forcing the daemon to log to a file

Line 339

Line 341

A source code patch exists which remedies this problem.</a>

023: SECURITY FIX: April 30, 2015

All architectures

Malformed binaries could trigger kernel panics or view kernel memory.

Line 348

Line 350

A source code patch exists which remedies this problem.</a>

024: SECURITY FIX: April 30, 2015

All architectures

Multiple issues in tar/pax/cpio:

Line 363

Line 365

A source code patch exists which remedies this problem.</a>

025: RELIABILITY FIX: June 11, 2015

All architectures

Fix multiple reliability issues in smtpd:

Line 375

Line 377

A source code patch exists which remedies this problem.</a>

026: SECURITY FIX: June 11, 2015

All architectures

Fix several defects from OpenSSL:

Line 393

Line 395

A source code patch exists which remedies this problem.</a>

027: SECURITY FIX: July 14, 2015

All architectures

A TCP socket can become confused and not properly cleanup resources.

Line 402

Line 404

A source code patch exists which remedies this problem.</a>

028: RELIABILITY FIX: July 26, 2015

All architectures

A kernel memory leak could be triggered by an unprivileged user in

Line 412

Line 414

A source code patch exists which remedies this problem.</a>

029: SECURITY FIX: July 26, 2015

All architectures

The patch utility could be made to invoke arbitrary commands via

Line 423

Line 425

A source code patch exists which remedies this problem.</a>

030: SECURITY FIX: July 30, 2015

All architectures

The patch utility could become desyncronized processing ed(1)-style diffs.

Line 432

Line 434

A source code patch exists which remedies this problem.</a>

031: SECURITY FIX: October 1, 2015

All architectures

Fix multiple reliability and security issues in smtpd:

Line 451

Line 453

A source code patch exists which remedies this problem.</a>

032: RELIABILITY FIX: October 14, 2015

All architectures

A problem with timer kevents could result in a kernel hang (local denial

Line 460

Line 462

A source code patch exists which remedies this problem.</a>

033: RELIABILITY FIX: October 15, 2015

All architectures

The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun