=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- www/errata56.html 2016/08/15 02:22:06 1.47 +++ www/errata56.html 2016/10/16 19:11:30 1.48 @@ -70,7 +70,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -92,7 +92,7 @@   All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
- + A source code patch exists which remedies this problem.

@@ -106,7 +106,7 @@ 

 # ifconfig em0 -autoconfprivacy
- + A source code patch exists which remedies this problem.

@@ -117,7 +117,7 @@ host confusion attacks in some configurations. This issue was assigned CVE-2014-3616.
- + A source code patch exists which remedies this problem.

@@ -126,7 +126,7 @@   All architectures
Executable headers with an unaligned address will trigger a kernel panic.
- + A source code patch exists which remedies this problem.

@@ -141,7 +141,7 @@ but we recommend against the continued use of this obsolete protocol.

- + A source code patch exists which remedies this problem.

@@ -150,7 +150,7 @@   All architectures
Certain http requests can crash relayd.
- + A source code patch exists which remedies this problem.

@@ -162,7 +162,7 @@ from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 mask applied to the dynamic address.
- + A source code patch exists which remedies this problem.

@@ -171,7 +171,7 @@   All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
- + A source code patch exists which remedies this problem.

@@ -184,7 +184,7 @@ want to use it. Therefore here is a "jumbo" patch that brings in the most important fixes.
- + A source code patch exists which remedies this problem.
Unfortunately the source tree found on the CD set contains a slightly different @@ -199,7 +199,7 @@ Several bugs were fixed that allowed a crash from remote when an active pipex session exists.
- + A source code patch exists which remedies this problem.

@@ -209,7 +209,7 @@ An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.
- + A source code patch exists which remedies this problem.

@@ -219,7 +219,7 @@ Fix a denial of service where a malicious authority could make the resolver chase an endless series of delegations. (CVE-2014-8602)
- + A source code patch exists which remedies this problem.

@@ -229,7 +229,7 @@ Missing memory barriers in virtio(4) can lead to hangs with virtio devices, like vio(4) and vioblk(4).
- + A source code patch exists which remedies this problem.

@@ -242,7 +242,7 @@
X Advisory
- + A source code patch exists which remedies this problem.

@@ -255,7 +255,7 @@
Libevent Advisory
- + A source code patch exists which remedies this problem.

@@ -267,7 +267,7 @@ For more information, see the X.org advisory.
- + A source code patch exists which remedies this problem.

@@ -276,7 +276,7 @@   All architectures
Don't permit TLS client connections to be downgraded to weak keys.
- + A source code patch exists which remedies this problem.

@@ -285,7 +285,7 @@   All architectures
Another fix for buffer overflows in malformed fonts.
- + A source code patch exists which remedies this problem.

@@ -297,7 +297,7 @@ For more information, see the X.org advisory.
- + A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.

@@ -317,7 +317,7 @@ For more information, see the OpenSSL advisory.
- + A source code patch exists which remedies this problem.

@@ -327,7 +327,7 @@ Fix a logic error in smtpd handling of SNI. This could allow a remote user to crash the server or provoke a disconnect of other sessions.
- + A source code patch exists which remedies this problem.

@@ -337,7 +337,7 @@ A remote user can crash httpd by forcing the daemon to log to a file before the logging system was initialized.
- + A source code patch exists which remedies this problem.

@@ -346,7 +346,7 @@   All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
- + A source code patch exists which remedies this problem.

@@ -361,7 +361,7 @@

  • tar without -P would permit extraction of paths with ".." components
  • there was a buffer overflow in the handling of pax extension headers - + A source code patch exists which remedies this problem.

    @@ -373,7 +373,7 @@

  • a local user can cause smtpd to fail by writing an invalid imsg to control socket.
  • a local user can prevent smtpd from serving new requests by exhausting descriptors. - + A source code patch exists which remedies this problem.

    @@ -391,7 +391,7 @@ For more information, see the OpenSSL advisory.
    - + A source code patch exists which remedies this problem.

    @@ -400,7 +400,7 @@   All architectures
    A TCP socket can become confused and not properly cleanup resources.
    - + A source code patch exists which remedies this problem.

    @@ -410,7 +410,7 @@ A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
    - + A source code patch exists which remedies this problem.

    @@ -421,7 +421,7 @@ the obsolete SCCS and RCS support when processing a crafted input file. This patch deletes the SCCS and RCS support.
    - + A source code patch exists which remedies this problem.

    @@ -430,7 +430,7 @@   All architectures
    The patch utility could become desyncronized processing ed(1)-style diffs.
    - + A source code patch exists which remedies this problem.

    @@ -449,7 +449,7 @@

  • hardlink and symlink attacks allowed a local user to unset chflags or leak the first line of an arbitrary file. - + A source code patch exists which remedies this problem.

    @@ -458,7 +458,7 @@   All architectures
    A problem with timer kevents could result in a kernel hang (local denial of service).
    - + A source code patch exists which remedies this problem.

    @@ -467,7 +467,7 @@   All architectures
    The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak, as reported by Qualys Security.
    - + A source code patch exists which remedies this problem.