===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- www/errata56.html 2017/03/28 04:04:52 1.50
+++ www/errata56.html 2017/03/28 06:41:18 1.51
@@ -71,7 +71,7 @@
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
-signify(1) tool and contains
+signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
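Review bot: the removed and added lines here both read "signify(1) tool and contains", so the change cannot be reviewed from its text and is presumably confined to the markup around signify(1). The commit message should say what changed there, for example the link target. This sentence is where readers learn how the patches are signed, so a wrong reference would point them at the wrong verification instructions.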
@@ -85,7 +85,7 @@
--
+
-
001: RELIABILITY FIX: September 5, 2014
All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
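Review bot: the commit message should state what the changed lines above the entry 001 heading do, because they carry no visible text, and the same pattern repeats for every later entry. If the edit alters the per-entry anchors, check that existing links to individual errata still resolve.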
@@ -94,7 +94,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
002: RELIABILITY FIX: October 1, 2014
All architectures
If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,
@@ -108,7 +108,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
003: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
@@ -119,7 +119,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
004: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
@@ -128,14 +128,16 @@
A source code patch exists which remedies this problem.
-
-
+
-
005: SECURITY FIX: October 20, 2014
All architectures
This patch disables the SSLv3 protocol by default.
Applications depending on SSLv3 may need to be recompiled with
+
SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);
+
but we recommend against the continued use of this obsolete protocol.
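Review bot: the call on the line this hunk wraps, "SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);", is misspelled. The libssl interface is SSL_CTX_clear_options (plural), so code copied from the erratum as written will not build. Since the two added lines sit directly around that call, correct the name in the same change.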
@@ -143,7 +145,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
006: RELIABILITY FIX: November 17, 2014
All architectures
Certain http requests can crash relayd.
@@ -152,7 +154,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
007: RELIABILITY FIX: November 17, 2014
All architectures
A PF rule using an IPv4 address
@@ -164,7 +166,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
008: RELIABILITY FIX: November 17, 2014
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
@@ -173,7 +175,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
009: RELIABILITY FIX: November 18, 2014
All architectures
httpd was developed very rapidly in the weeks before 5.6 release, and
@@ -191,7 +193,7 @@
to use cvs to get the latest httpd sources if interested.
-
-
+
-
010: RELIABILITY FIX: December 5, 2014
All architectures
Several bugs were fixed that allowed a crash from remote when an active pipex
@@ -201,7 +203,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
011: RELIABILITY FIX: December 5, 2014
All architectures
An incorrect memcpy call would result in corrupted MAC addresses when
@@ -211,7 +213,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
012: RELIABILITY FIX: December 9, 2014
All architectures
Fix a denial of service where a malicious authority could make the resolver chase an
@@ -221,7 +223,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
013: RELIABILITY FIX: December 9, 2014
All architectures
Missing memory barriers in virtio(4) can lead to hangs with virtio devices,
@@ -231,7 +233,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
014: SECURITY FIX: December 9, 2014
All architectures
One year after Ilja van Sprundel discovered and reported a large number
@@ -244,7 +246,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
015: SECURITY FIX: January 13, 2015
All architectures
Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
@@ -257,7 +259,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
016: SECURITY FIX: March 3, 2015
All architectures
Information leak in the XkbSetGeometry request of X servers.
@@ -269,7 +271,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
017: SECURITY FIX: March 13, 2015
All architectures
Don't permit TLS client connections to be downgraded to weak keys.
@@ -278,7 +280,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
018: SECURITY FIX: March 13, 2015
All architectures
Another fix for buffer overflows in malformed fonts.
@@ -287,7 +289,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
019: SECURITY FIX: March 18, 2015
All architectures
Buffer overflows in libXfont
@@ -300,7 +302,7 @@
Note that the instructions should read cd /usr/xenocara/lib/libXfont
.
-
-
+
-
020: SECURITY FIX: March 19, 2015
All architectures
Fix several crash causing defects from OpenSSL.
@@ -319,7 +321,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
021: RELIABILITY FIX: April 17, 2015
All architectures
Fix a logic error in smtpd handling of SNI.
@@ -329,7 +331,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
022: RELIABILITY FIX: April 30, 2015
All architectures
A remote user can crash httpd by forcing the daemon to log to a file
@@ -339,7 +341,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
023: SECURITY FIX: April 30, 2015
All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
@@ -348,7 +350,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
024: SECURITY FIX: April 30, 2015
All architectures
Multiple issues in tar/pax/cpio:
@@ -363,7 +365,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
025: RELIABILITY FIX: June 11, 2015
All architectures
Fix multiple reliability issues in smtpd:
@@ -375,7 +377,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
026: SECURITY FIX: June 11, 2015
All architectures
Fix several defects from OpenSSL:
@@ -393,7 +395,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
027: SECURITY FIX: July 14, 2015
All architectures
A TCP socket can become confused and not properly cleanup resources.
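Review bot: in the entry 027 description in the trailing context, "not properly cleanup resources" uses the noun form where the verb "clean up" is needed. Fix it while this hunk touches the entry.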
@@ -402,7 +404,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
028: RELIABILITY FIX: July 26, 2015
All architectures
A kernel memory leak could be triggered by an unprivileged user in
@@ -412,7 +414,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
029: SECURITY FIX: July 26, 2015
All architectures
The patch utility could be made to invoke arbitrary commands via
@@ -423,7 +425,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
030: SECURITY FIX: July 30, 2015
All architectures
The patch utility could become desyncronized processing ed(1)-style diffs.
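Review bot: "desyncronized" in the entry 030 description in the trailing context is misspelled. Change it to "desynchronized" while this entry is being touched.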
@@ -432,7 +434,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
031: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
@@ -451,7 +453,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
032: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
@@ -460,7 +462,7 @@
A source code patch exists which remedies this problem.
-
-
+
-
033: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun