=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata57.html,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- www/errata57.html 2016/08/15 02:22:06 1.41 +++ www/errata57.html 2016/10/16 19:11:30 1.42 @@ -70,7 +70,7 @@

- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -105,7 +105,7 @@ For more information, see the X.org advisory.
- + A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.

@@ -125,7 +125,7 @@ For more information, see the OpenSSL advisory.
- + A source code patch exists which remedies this problem.

@@ -135,7 +135,7 @@ Fix a logic error in smtpd handling of SNI. This could allow a remote user to crash the server or provoke a disconnect of other sessions.
- + A source code patch exists which remedies this problem.

@@ -145,7 +145,7 @@ A remote user can crash httpd by forcing the daemon to log to a file before the logging system was initialized.
- + A source code patch exists which remedies this problem.

@@ -154,7 +154,7 @@   All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
- + A source code patch exists which remedies this problem.

@@ -169,7 +169,7 @@

  • tar without -P would permit extraction of paths with ".." components
  • there was a buffer overflow in the handling of pax extension headers - + A source code patch exists which remedies this problem.

    @@ -181,7 +181,7 @@

  • a local user can cause smtpd to fail by writing an invalid imsg to control socket.
  • a local user can prevent smtpd from serving new requests by exhausting descriptors. - + A source code patch exists which remedies this problem.

    @@ -199,7 +199,7 @@ For more information, see the OpenSSL advisory.
    - + A source code patch exists which remedies this problem.

    @@ -208,7 +208,7 @@   All architectures
    A TCP socket can become confused and not properly cleanup resources.
    - + A source code patch exists which remedies this problem.
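Review bot: the context line above the changed link reads "not properly cleanup resources", using the noun "cleanup" where the verb is meant. Since this entry is being touched anyway, suggest "not properly clean up resources".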

    @@ -218,7 +218,7 @@ A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
    - + A source code patch exists which remedies this problem.

    @@ -229,7 +229,7 @@ the obsolete RCS support when processing a crafted input file. This patch deletes the RCS support.
    - + A source code patch exists which remedies this problem.

    @@ -238,7 +238,7 @@   All architectures
    The patch utility could become desyncronized processing ed(1)-style diffs.
    - + A source code patch exists which remedies this problem.
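Review bot: "desyncronized" in the context line of this hunk is misspelled; suggest "desynchronized" while this entry is being edited, so that searches of the errata page for the term match.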

    @@ -248,7 +248,7 @@ A change to sshd resulted in incorrect permissions being applied to pseudo terminal devices, allowing local users to write to (but not read from) them.
    - + A source code patch exists which remedies this problem.

    @@ -258,7 +258,7 @@ Various problems were identified in relayd and merged back from current to 5.7 in this maintanance update.
    - + A source code patch exists which remedies this problem.
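Review bot: the relayd description carried in this hunk's header line spells "maintanance"; suggest "maintenance" in the same commit, since the line directly below it is already being changed.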

    @@ -267,7 +267,7 @@   All architectures
    An incorrect operation in uvm could result in system panics.
    - + A source code patch exists which remedies this problem.

    @@ -286,7 +286,7 @@

  • hardlink and symlink attacks allowed a local user to unset chflags or leak the first line of an arbitrary file. - + A source code patch exists which remedies this problem.

    @@ -295,7 +295,7 @@   All architectures
    A problem with timer kevents could result in a kernel hang (local denial of service).
    - + A source code patch exists which remedies this problem.

    @@ -304,7 +304,7 @@   All architectures
    The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak, as reported by Qualys Security.
    - + A source code patch exists which remedies this problem.

    @@ -313,7 +313,7 @@   All architectures
    Insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
    - + A source code patch exists which remedies this problem.

    @@ -322,7 +322,7 @@   All architectures
    A NULL pointer deference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections.
    - + A source code patch exists which remedies this problem.
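Review bot: the context line says "NULL pointer deference", which should be "NULL pointer dereference". Worth correcting alongside this change, because the wrong word alters how the crash is described to readers.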

    @@ -335,20 +335,20 @@ Prevent this problem immediately by adding the line "UseRoaming no" to /etc/ssh/ssh_config.
    - + A source code patch exists which remedies this problem.

  • 023: SECURITY FIX: March 10, 2016   All architectures
    - + Lack of credential sanitization allows injection of commands to xauth(1).
    Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default)
    - + A source code patch exists which remedies this problem.
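Review bot: the workaround sentence for entry 023 ("Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default)") names no configuration file and has no closing period, while the UseRoaming workaround at the top of this hunk points the reader at /etc/ssh/ssh_config. X11Forwarding is an sshd_config keyword, so suggest naming the server configuration file here and ending the sentence with a period, so that both workarounds tell the administrator where to make the change.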

    @@ -359,7 +359,7 @@ processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
    - + A source code patch exists which remedies this problem.