===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata58.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -c -r1.36 -r1.37
*** www/errata58.html 2017/03/28 04:04:52 1.36
--- www/errata58.html 2017/03/28 06:41:18 1.37
***************
*** 71,77 ****
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
! signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
--- 71,77 ----
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
! signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
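Review bot: the only changed line in this hunk, the one carrying signify(1), reads the same in revision 1.36 and 1.37 as shown, so the difference lies in markup or whitespace that is not visible in the text. State in the log message what the change is, so that the one-line changes in the erratum entries that follow can be checked against a single stated rule.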
***************
*** 85,91 ****
! -
001: SECURITY FIX: August 30, 2015
All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
--- 85,91 ----
! -
001: SECURITY FIX: August 30, 2015
All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
***************
*** 95,101 ****
A source code patch exists which remedies this problem.
!
-
002: INTEROPERABILITY FIX: August 30, 2015
All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
--- 95,101 ----
A source code patch exists which remedies this problem.
!
-
002: INTEROPERABILITY FIX: August 30, 2015
All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
***************
*** 105,111 ****
A source code patch exists which remedies this problem.
!
-
003: RELIABILITY FIX: September 28, 2015
All architectures
An incorrect operation in uvm could result in system panics.
--- 105,111 ----
A source code patch exists which remedies this problem.
!
-
003: RELIABILITY FIX: September 28, 2015
All architectures
An incorrect operation in uvm could result in system panics.
***************
*** 114,120 ****
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
--- 114,120 ----
A source code patch exists which remedies this problem.
!
-
004: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
***************
*** 133,139 ****
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
--- 133,139 ----
A source code patch exists which remedies this problem.
!
-
005: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
***************
*** 142,148 ****
A source code patch exists which remedies this problem.
!
-
006: RELEASE CD ISSUE: Oct 18, 2015
All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
--- 142,148 ----
A source code patch exists which remedies this problem.
!
-
006: RELEASE CD ISSUE: Oct 18, 2015
All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
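Review bot: the heading "006: RELEASE CD ISSUE: Oct 18, 2015" abbreviates the month, while the neighbouring entries spell it out ("October 14, 2015" for 005, "October 15, 2015" for 007). Since this entry is being touched anyway, write "October 18, 2015"; the same applies to "Dec 3, 2015" in the heading of 009.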
***************
*** 153,159 ****
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
!
-
007: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
--- 153,159 ----
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
!
-
007: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
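Review bot: the context line that closes entry 006 reads "due to size of the file, check local mirrors also", which is missing an article and reads awkwardly. Suggest "due to the size of the file, also check local mirrors" while this part of the page is being edited.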
***************
*** 162,168 ****
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 9, 2015
All architectures
Insufficient validation of RSN element group cipher values in 802.11
--- 162,168 ----
A source code patch exists which remedies this problem.
!
-
008: RELIABILITY FIX: November 9, 2015
All architectures
Insufficient validation of RSN element group cipher values in 802.11
***************
*** 171,177 ****
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: Dec 3, 2015
All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to
--- 171,177 ----
A source code patch exists which remedies this problem.
!
-
009: RELIABILITY FIX: Dec 3, 2015
All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to
***************
*** 180,186 ****
A source code patch exists which remedies this problem.
!
-
010: SECURITY FIX: January 14, 2016
All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
--- 180,186 ----
A source code patch exists which remedies this problem.
!
-
010: SECURITY FIX: January 14, 2016
All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
***************
*** 193,199 ****
A source code patch exists which remedies this problem.
!
-
011: SECURITY FIX: March 10, 2016
All architectures
--- 193,199 ----
A source code patch exists which remedies this problem.
!
-
011: SECURITY FIX: March 10, 2016
All architectures
***************
*** 206,212 ****
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: March 16, 2016
All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
--- 206,212 ----
A source code patch exists which remedies this problem.
!
-
012: SECURITY FIX: March 16, 2016
All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
***************
*** 217,223 ****
A source code patch exists which remedies this problem.
!
-
013: SECURITY FIX: May 3, 2016
All architectures
Fix issues in the libcrypto library.
--- 217,223 ----
A source code patch exists which remedies this problem.
!
-
013: SECURITY FIX: May 3, 2016
All architectures
Fix issues in the libcrypto library.
***************
*** 234,240 ****
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: May 17, 2016
All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
--- 234,240 ----
A source code patch exists which remedies this problem.
!
-
014: SECURITY FIX: May 17, 2016
All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
***************
*** 244,250 ****
A source code patch exists which remedies this problem.
!
-
015: RELIABILITY FIX: May 29, 2016
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
--- 244,250 ----
A source code patch exists which remedies this problem.
!
-
015: RELIABILITY FIX: May 29, 2016
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
***************
*** 253,259 ****
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: June 2, 2016
All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
--- 253,259 ----
A source code patch exists which remedies this problem.
!
-
016: SECURITY FIX: June 2, 2016
All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
***************
*** 262,268 ****
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: June 6, 2016
All architectures
Correct a problem that prevents the DSA signing algorithm from running
--- 262,268 ----
A source code patch exists which remedies this problem.
!
-
017: SECURITY FIX: June 6, 2016
All architectures
Correct a problem that prevents the DSA signing algorithm from running
***************
*** 272,278 ****
A source code patch exists which remedies this problem.
!
-
018: RELIABILITY FIX: July 14, 2016
All architectures
Splicing sockets in a loop could cause a kernel spin.
--- 272,278 ----
A source code patch exists which remedies this problem.
!
-
018: RELIABILITY FIX: July 14, 2016
All architectures
Splicing sockets in a loop could cause a kernel spin.
***************
*** 281,287 ****
A source code patch exists which remedies this problem.
!
-
019: RELIABILITY FIX: July 14, 2016
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
--- 281,287 ----
A source code patch exists which remedies this problem.
!
-
019: RELIABILITY FIX: July 14, 2016
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
***************
*** 290,296 ****
A source code patch exists which remedies this problem.
!
-
020: SECURITY FIX: July 14, 2016
All architectures
The mmap extension __MAP_NOFAULT could overcommit resources and crash
--- 290,296 ----
A source code patch exists which remedies this problem.
!
-
020: SECURITY FIX: July 14, 2016
All architectures
The mmap extension __MAP_NOFAULT could overcommit resources and crash
***************
*** 300,306 ****
A source code patch exists which remedies this problem.
!
-
021: RELIABILITY FIX: July 14, 2016
All architectures
Tick counting overflows could cause a kernel crash.
--- 300,306 ----
A source code patch exists which remedies this problem.
!
-
021: RELIABILITY FIX: July 14, 2016
All architectures
Tick counting overflows could cause a kernel crash.
***************
*** 309,315 ****
A source code patch exists which remedies this problem.
!
-
022: RELIABILITY FIX: July 14, 2016
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
--- 309,315 ----
A source code patch exists which remedies this problem.
!
-
022: RELIABILITY FIX: July 14, 2016
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
***************
*** 318,324 ****
A source code patch exists which remedies this problem.
!
-
023: RELIABILITY FIX: July 14, 2016
All architectures
Unchecked parameters and integer overflows in the amap allocation routines
--- 318,324 ----
A source code patch exists which remedies this problem.
!
-
023: RELIABILITY FIX: July 14, 2016
All architectures
Unchecked parameters and integer overflows in the amap allocation routines
***************
*** 329,335 ****
A source code patch exists which remedies this problem.
!
-
024: RELIABILITY FIX: July 25, 2016
All architectures
When signaling an error to an HTTP relay client, the connection can be
--- 329,335 ----
A source code patch exists which remedies this problem.
!
-
024: RELIABILITY FIX: July 25, 2016
All architectures
When signaling an error to an HTTP relay client, the connection can be
***************
*** 339,345 ****
A source code patch exists which remedies this problem.
!
-
025: RELIABILITY FIX: August 2, 2016
All architectures
--- 339,345 ----
A source code patch exists which remedies this problem.
!
-
025: RELIABILITY FIX: August 2, 2016
All architectures
***************
*** 350,356 ****
A source code patch exists which remedies this problem.
!
-
026: RELIABILITY FIX: August 2, 2016
All architectures
--- 350,356 ----
A source code patch exists which remedies this problem.
!
-
026: RELIABILITY FIX: August 2, 2016
All architectures
***************
*** 361,367 ****
A source code patch exists which remedies this problem.
!
-
027: SECURITY FIX: August 6, 2016
All architectures
--- 361,367 ----
A source code patch exists which remedies this problem.
!
-
027: SECURITY FIX: August 6, 2016
All architectures
***************
*** 374,380 ****
A source code patch exists which remedies this problem.
!
-
028: RELIABILITY FIX: August 6, 2016
All architectures
--- 374,380 ----
A source code patch exists which remedies this problem.
!
-
028: RELIABILITY FIX: August 6, 2016
All architectures