www/errata56.html - diff

Return to errata56.html CVS log

Up to [local] / www

Diff for /www/errata56.html between version 1.56 and 1.57

version 1.56, 2019/04/02 12:46:57

version 1.57, 2019/05/27 22:55:20

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 5.6 Errata</title>

</head>

<!--

IMPORTANT REMINDER

IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE

-->

<h2>

OpenBSD</a>

OpenBSD</a>

5.6 Errata

5.6 Errata

</h2>

<hr>

Line 90

Line 88

<ul>

001: RELIABILITY FIX: September 5, 2014

001: RELIABILITY FIX: September 5, 2014

All architectures

Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).

Line 99

Line 97

002: RELIABILITY FIX: October 1, 2014

002: RELIABILITY FIX: October 1, 2014

All architectures

If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,

redundant addresses are added whenever an autoconfprivacy address expires.

Line 113

Line 111

003: SECURITY FIX: October 1, 2014

003: SECURITY FIX: October 1, 2014

All architectures

nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual

host confusion attacks in some configurations.

Line 124

Line 122

004: RELIABILITY FIX: October 20, 2014

004: RELIABILITY FIX: October 20, 2014

All architectures

Executable headers with an unaligned address will trigger a kernel panic.

Line 133

Line 131

005: SECURITY FIX: October 20, 2014

005: SECURITY FIX: October 20, 2014

All architectures

This patch disables the SSLv3 protocol by default.

Line 150

Line 148

006: RELIABILITY FIX: November 17, 2014

006: RELIABILITY FIX: November 17, 2014

All architectures

Certain http requests can crash relayd.

Line 159

Line 157

007: RELIABILITY FIX: November 17, 2014

007: RELIABILITY FIX: November 17, 2014

All architectures

A PF rule using an IPv4 address

followed by an IPv6 address and then a dynamic address, e.g. "pass

Line 171

Line 169

008: RELIABILITY FIX: November 17, 2014

008: RELIABILITY FIX: November 17, 2014

All architectures

Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.

Line 180

Line 178

009: RELIABILITY FIX: November 18, 2014

009: RELIABILITY FIX: November 18, 2014

All architectures

httpd was developed very rapidly in the weeks before 5.6 release, and

it has a few flaws. It would be nice to get these flaws fully

Line 198

Line 196

010: RELIABILITY FIX: December 5, 2014

010: RELIABILITY FIX: December 5, 2014

All architectures

Several bugs were fixed that allowed a crash from remote when an active pipex

session exists.

Line 208

Line 206

011: RELIABILITY FIX: December 5, 2014

011: RELIABILITY FIX: December 5, 2014

All architectures

An incorrect memcpy call would result in corrupted MAC addresses when

using PPPOE.

Line 218

Line 216

012: RELIABILITY FIX: December 9, 2014

012: RELIABILITY FIX: December 9, 2014

All architectures

Fix a denial of service where a malicious authority could make the resolver chase an

endless series of delegations. (CVE-2014-8602)

Line 228

Line 226

013: RELIABILITY FIX: December 9, 2014

013: RELIABILITY FIX: December 9, 2014

All architectures

Missing memory barriers in virtio(4) can lead to hangs with virtio devices,

like vio(4) and vioblk(4).

Line 238

Line 236

014: SECURITY FIX: December 9, 2014

014: SECURITY FIX: December 9, 2014

All architectures

One year after Ilja van Sprundel discovered and reported a large number

of issues in the way the X server code base handles requests from X clients,

Line 251

Line 249

015: SECURITY FIX: January 13, 2015

015: SECURITY FIX: January 13, 2015

All architectures

Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD

base uses it for the programs: cu tmux ftp-proxy httpd ldapd relayd

Line 264

Line 262

016: SECURITY FIX: March 3, 2015

016: SECURITY FIX: March 3, 2015

All architectures

Information leak in the XkbSetGeometry request of X servers.

Line 276

Line 274

017: SECURITY FIX: March 13, 2015

017: SECURITY FIX: March 13, 2015

All architectures

Don't permit TLS client connections to be downgraded to weak keys.

Line 285

Line 283

018: SECURITY FIX: March 13, 2015

018: SECURITY FIX: March 13, 2015

All architectures

Another fix for buffer overflows in malformed fonts.

Line 294

Line 292

019: SECURITY FIX: March 18, 2015

019: SECURITY FIX: March 18, 2015

All architectures

Buffer overflows in libXfont

Line 307

Line 305

020: SECURITY FIX: March 19, 2015

020: SECURITY FIX: March 19, 2015

All architectures

Fix several crash causing defects from OpenSSL.

These include:

Line 326

Line 324

021: RELIABILITY FIX: April 17, 2015

021: RELIABILITY FIX: April 17, 2015

All architectures

Fix a logic error in smtpd handling of SNI.

This could allow a remote user to crash the server or provoke a disconnect of other sessions.

Line 336

Line 334

022: RELIABILITY FIX: April 30, 2015

022: RELIABILITY FIX: April 30, 2015

All architectures

A remote user can crash httpd by forcing the daemon to log to a file

before the logging system was initialized.

Line 346

Line 344

023: SECURITY FIX: April 30, 2015

023: SECURITY FIX: April 30, 2015

All architectures

Malformed binaries could trigger kernel panics or view kernel memory.

Line 355

Line 353

024: SECURITY FIX: April 30, 2015

024: SECURITY FIX: April 30, 2015

All architectures

Multiple issues in tar/pax/cpio:

<ul>

Line 370

Line 368

025: RELIABILITY FIX: June 11, 2015

025: RELIABILITY FIX: June 11, 2015

All architectures

Fix multiple reliability issues in smtpd:

<ul>

Line 382

Line 380

026: SECURITY FIX: June 11, 2015

026: SECURITY FIX: June 11, 2015

All architectures

Fix several defects from OpenSSL:

<ul>

Line 400

Line 398

027: SECURITY FIX: July 14, 2015

027: SECURITY FIX: July 14, 2015

All architectures

A TCP socket can become confused and not properly cleanup resources.

Line 409

Line 407

028: RELIABILITY FIX: July 26, 2015

028: RELIABILITY FIX: July 26, 2015

All architectures

A kernel memory leak could be triggered by an unprivileged user in

a failure case when using execve under systrace.

Line 419

Line 417

029: SECURITY FIX: July 26, 2015

029: SECURITY FIX: July 26, 2015

All architectures

The patch utility could be made to invoke arbitrary commands via

the obsolete SCCS and RCS support when processing a crafted input file.

Line 430

Line 428

030: SECURITY FIX: July 30, 2015

030: SECURITY FIX: July 30, 2015

All architectures

The patch utility could become desyncronized processing ed(1)-style diffs.

Line 439

Line 437

031: SECURITY FIX: October 1, 2015

031: SECURITY FIX: October 1, 2015

All architectures

Fix multiple reliability and security issues in smtpd:

<ul>

Line 458

Line 456

032: RELIABILITY FIX: October 14, 2015

032: RELIABILITY FIX: October 14, 2015

All architectures

A problem with timer kevents could result in a kernel hang (local denial

of service).

Line 467

Line 465

033: RELIABILITY FIX: October 15, 2015

033: RELIABILITY FIX: October 15, 2015

All architectures

The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun

and memory leak, as reported by Qualys Security.

Line 478

Line 476

</ul>

<hr>

</body>

</html>