===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata58.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -c -r1.32 -r1.33
*** www/errata58.html 2016/08/15 02:22:06 1.32
--- www/errata58.html 2016/10/16 19:11:30 1.33
***************
*** 70,76 ****
--- 70,76 ----
***************
*** 93,99 ****
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
!
A source code patch exists which remedies this problem.
--- 93,99 ----
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
!
A source code patch exists which remedies this problem.
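Review bot: The entry text at 93-99 says inverted logic made PermitRootLogin "prohibit-password" unsafe but never says what the setting actually allowed, so an administrator cannot tell from the erratum whether root logins made while it was in use need auditing. Suggest adding one clause that states the resulting behaviour; the 'Use "no"' workaround line is fine as it stands.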
***************
*** 103,109 ****
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
!
A source code patch exists which remedies this problem.
--- 103,109 ----
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
!
A source code patch exists which remedies this problem.
***************
*** 112,118 ****
All architectures
An incorrect operation in uvm could result in system panics.
!
A source code patch exists which remedies this problem.
--- 112,118 ----
All architectures
An incorrect operation in uvm could result in system panics.
!
A source code patch exists which remedies this problem.
*************** *** 131,137 ****
--- 131,137 ----
***************
*** 140,146 ****
All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
!
A source code patch exists which remedies this problem.
--- 140,146 ----
All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
!
A source code patch exists which remedies this problem.
***************
*** 151,157 ****
and does not match the 5.8 release builds.
!
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
--- 151,157 ----
and does not match the 5.8 release builds.
!
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
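Review bot: The replacement-file sentence at 151-157 sends readers to local mirrors for cd-src.tar.gz without saying how to confirm that the copy they fetch is the corrected one. Suggest naming the checksum or signature file to verify it against, and fixing the grammar to "due to the size of the file".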
***************
*** 160,166 ****
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
!
A source code patch exists which remedies this problem.
--- 160,166 ----
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
!
A source code patch exists which remedies this problem.
***************
*** 169,175 ****
All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
!
A source code patch exists which remedies this problem.
--- 169,175 ----
All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
!
A source code patch exists which remedies this problem.
***************
*** 178,184 ****
All architectures
A NULL pointer deference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
!
A source code patch exists which remedies this problem.
--- 178,184 ----
All architectures
A NULL pointer deference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
!
A source code patch exists which remedies this problem.
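Review bot: "NULL pointer deference" in the first text line of 178-184 is a typo for "dereference", and it is carried unchanged from 1.32 into 1.33. Worth correcting in this commit since the entry is being touched anyway.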
***************
*** 191,210 ****
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.
!
A source code patch exists which remedies this problem.
--- 191,210 ----
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.
!
A source code patch exists which remedies this problem.
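Review bot: The workaround sentence in 191-210 names only /etc/ssh/ssh_config. ssh uses the first value it obtains for each option and reads command-line options and the user's ~/.ssh/config before the system-wide file, so a per-user UseRoaming setting still takes precedence. Suggest saying so, or recommending that the line also go in the per-user file.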
***************
*** 215,221 ****
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
!
A source code patch exists which remedies this problem.
--- 215,221 ----
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
!
A source code patch exists which remedies this problem.
*************** *** 232,238 ****
--- 232,238 ----
***************
*** 242,248 ****
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
!
A source code patch exists which remedies this problem.
--- 242,248 ----
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
!
A source code patch exists which remedies this problem.
***************
*** 251,257 ****
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
!
A source code patch exists which remedies this problem.
--- 251,257 ----
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
!
A source code patch exists which remedies this problem.
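Review bot: The libcrypto entry at 251-257 is worded as a change ("Fix a bug ... when parsing certain ASN.1 elements") and gives no impact, while other entries on the page state the consequence (system panics, kernel hang, memory leak). Suggest rewording it to describe the problem and its effect so readers can prioritise the patch.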
***************
*** 260,266 ****
All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
!
A source code patch exists which remedies this problem.
--- 260,266 ----
All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
!
A source code patch exists which remedies this problem.
***************
*** 270,276 ****
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
!
A source code patch exists which remedies this problem.
--- 270,276 ----
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
!
A source code patch exists which remedies this problem.
***************
*** 279,285 ****
All architectures
Splicing sockets in a loop could cause a kernel spin.
!
A source code patch exists which remedies this problem.
--- 279,285 ----
All architectures
Splicing sockets in a loop could cause a kernel spin.
!
A source code patch exists which remedies this problem.
***************
*** 288,294 ****
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
!
A source code patch exists which remedies this problem.
--- 288,294 ----
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
!
A source code patch exists which remedies this problem.
***************
*** 298,304 ****
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
!
A source code patch exists which remedies this problem.
--- 298,304 ----
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
!
A source code patch exists which remedies this problem.
***************
*** 307,313 ****
All architectures
Tick counting overflows could cause a kernel crash.
!
A source code patch exists which remedies this problem.
--- 307,313 ----
All architectures
Tick counting overflows could cause a kernel crash.
!
A source code patch exists which remedies this problem.
***************
*** 316,322 ****
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
!
A source code patch exists which remedies this problem.
--- 316,322 ----
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
!
A source code patch exists which remedies this problem.
***************
*** 327,333 ****
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
!
A source code patch exists which remedies this problem.
--- 327,333 ----
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
!
A source code patch exists which remedies this problem.
***************
*** 337,343 ****
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
!
A source code patch exists which remedies this problem.
--- 337,343 ----
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
!
A source code patch exists which remedies this problem.
***************
*** 348,354 ****
A missing NULL check in sysctl code results in a crash.
!
A source code patch exists which remedies this problem.
--- 348,354 ----
A missing NULL check in sysctl code results in a crash.
!
A source code patch exists which remedies this problem.
***************
*** 359,365 ****
Missing overflow checks in uvm may result in panics.
!
A source code patch exists which remedies this problem.
--- 359,365 ----
Missing overflow checks in uvm may result in panics.
!
A source code patch exists which remedies this problem.
***************
*** 372,378 ****
See the
perl5-porters announcement for details.
!
A source code patch exists which remedies this problem.
--- 372,378 ----
See the
perl5-porters announcement for details.
!
A source code patch exists which remedies this problem.
***************
*** 384,390 ****
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
!
A source code patch exists which remedies this problem.
--- 384,390 ----
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
!
A source code patch exists which remedies this problem.