=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata58.html,v retrieving revision 1.36 retrieving revision 1.37 diff -c -r1.36 -r1.37 *** www/errata58.html 2017/03/28 04:04:52 1.36 --- www/errata58.html 2017/03/28 06:41:18 1.37 *************** *** 71,77 ****

Patches for the OpenBSD base system are distributed as unified diffs. Each patch is cryptographically signed with the ! signify(1) tool and contains usage instructions. All the following patches are also available in one tar.gz file --- 71,77 ----

001: SECURITY FIX: August 30, 2015 All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe. --- 85,91 ----
- 001: SECURITY FIX: August 30, 2015 All architectures
  Inverted logic made PermitRootLogin "prohibit-password" unsafe. *************** *** 95,101 **** A source code patch exists which remedies this problem.
  !
- 002: INTEROPERABILITY FIX: August 30, 2015 All architectures
  LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not --- 95,101 ---- A source code patch exists which remedies this problem.
  !
- 002: INTEROPERABILITY FIX: August 30, 2015 All architectures
  LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not *************** *** 105,111 **** A source code patch exists which remedies this problem.
  !
- 003: RELIABILITY FIX: September 28, 2015 All architectures
  An incorrect operation in uvm could result in system panics. --- 105,111 ---- A source code patch exists which remedies this problem.
  !
- 003: RELIABILITY FIX: September 28, 2015 All architectures
  An incorrect operation in uvm could result in system panics. *************** *** 114,120 **** A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: October 1, 2015 All architectures
  Fix multiple reliability and security issues in smtpd:
  --- 114,120 ---- A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: October 1, 2015 All architectures
  Fix multiple reliability and security issues in smtpd:
  *************** *** 133,139 **** A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: October 14, 2015 All architectures
  A problem with timer kevents could result in a kernel hang (local denial --- 133,139 ---- A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: October 14, 2015 All architectures
  A problem with timer kevents could result in a kernel hang (local denial *************** *** 142,148 **** A source code patch exists which remedies this problem.
  !
- 006: RELEASE CD ISSUE: Oct 18, 2015 All architectures
  The "src.tar.gz" file on the source tree was created on the wrong day, --- 142,148 ---- A source code patch exists which remedies this problem.
  !
- 006: RELEASE CD ISSUE: Oct 18, 2015 All architectures
  The "src.tar.gz" file on the source tree was created on the wrong day, *************** *** 153,159 **** A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
  !
- 007: RELIABILITY FIX: October 15, 2015 All architectures
  The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun --- 153,159 ---- A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
  !
- 007: RELIABILITY FIX: October 15, 2015 All architectures
  The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun *************** *** 162,168 **** A source code patch exists which remedies this problem.
  !
- 008: RELIABILITY FIX: November 9, 2015 All architectures
  Insufficient validation of RSN element group cipher values in 802.11 --- 162,168 ---- A source code patch exists which remedies this problem.
  !
- 008: RELIABILITY FIX: November 9, 2015 All architectures
  Insufficient validation of RSN element group cipher values in 802.11 *************** *** 171,177 **** A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: Dec 3, 2015 All architectures
  A NULL pointer dereference could be triggered by a crafted certificate sent to --- 171,177 ---- A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: Dec 3, 2015 All architectures
  A NULL pointer dereference could be triggered by a crafted certificate sent to *************** *** 180,186 **** A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: January 14, 2016 All architectures
  Experimental roaming code in the ssh client could be tricked by a hostile sshd --- 180,186 ---- A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: January 14, 2016 All architectures
  Experimental roaming code in the ssh client could be tricked by a hostile sshd *************** *** 193,199 **** A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: March 10, 2016 All architectures
  --- 193,199 ---- A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: March 10, 2016 All architectures
  *************** *** 206,212 **** A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: March 16, 2016 All architectures
  Insufficient checks in IPv6 socket binding and UDP IPv6 option --- 206,212 ---- A source code patch exists which remedies this problem.
  !
- 012: SECURITY FIX: March 16, 2016 All architectures
  Insufficient checks in IPv6 socket binding and UDP IPv6 option *************** *** 217,223 **** A source code patch exists which remedies this problem.
  !
- 013: SECURITY FIX: May 3, 2016 All architectures
  Fix issues in the libcrypto library. --- 217,223 ---- A source code patch exists which remedies this problem.
  !
- 013: SECURITY FIX: May 3, 2016 All architectures
  Fix issues in the libcrypto library. *************** *** 234,240 **** A source code patch exists which remedies this problem.
  !
- 014: SECURITY FIX: May 17, 2016 All architectures
  Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel --- 234,240 ---- A source code patch exists which remedies this problem.
  !
- 014: SECURITY FIX: May 17, 2016 All architectures
  Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel *************** *** 244,250 **** A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: May 29, 2016 All architectures
  Fix a bug in the libcrypto library when parsing certain ASN.1 elements. --- 244,250 ---- A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: May 29, 2016 All architectures
  Fix a bug in the libcrypto library when parsing certain ASN.1 elements. *************** *** 253,259 **** A source code patch exists which remedies this problem.
  !
- 016: SECURITY FIX: June 2, 2016 All architectures
  Fix issues in the libexpat library to prevent multiple integer and buffer overflows. --- 253,259 ---- A source code patch exists which remedies this problem.
  !
- 016: SECURITY FIX: June 2, 2016 All architectures
  Fix issues in the libexpat library to prevent multiple integer and buffer overflows. *************** *** 262,268 **** A source code patch exists which remedies this problem.
  !
- 017: SECURITY FIX: June 6, 2016 All architectures
  Correct a problem that prevents the DSA signing algorithm from running --- 262,268 ---- A source code patch exists which remedies this problem.
  !
- 017: SECURITY FIX: June 6, 2016 All architectures
  Correct a problem that prevents the DSA signing algorithm from running *************** *** 272,278 **** A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: July 14, 2016 All architectures
  Splicing sockets in a loop could cause a kernel spin. --- 272,278 ---- A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: July 14, 2016 All architectures
  Splicing sockets in a loop could cause a kernel spin. *************** *** 281,287 **** A source code patch exists which remedies this problem.
  !
- 019: RELIABILITY FIX: July 14, 2016 All architectures
  ufs_readdir failed to limit size of memory allocation, leading to panics. --- 281,287 ---- A source code patch exists which remedies this problem.
  !
- 019: RELIABILITY FIX: July 14, 2016 All architectures
  ufs_readdir failed to limit size of memory allocation, leading to panics. *************** *** 290,296 **** A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: July 14, 2016 All architectures
  The mmap extension __MAP_NOFAULT could overcommit resources and crash --- 290,296 ---- A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: July 14, 2016 All architectures
  The mmap extension __MAP_NOFAULT could overcommit resources and crash *************** *** 300,306 **** A source code patch exists which remedies this problem.
  !
- 021: RELIABILITY FIX: July 14, 2016 All architectures
  Tick counting overflows could cause a kernel crash. --- 300,306 ---- A source code patch exists which remedies this problem.
  !
- 021: RELIABILITY FIX: July 14, 2016 All architectures
  Tick counting overflows could cause a kernel crash. *************** *** 309,315 **** A source code patch exists which remedies this problem.
  !
- 022: RELIABILITY FIX: July 14, 2016 All architectures
  Invalid file descriptor use with kevent(2) could lead to a kernel crash. --- 309,315 ---- A source code patch exists which remedies this problem.
  !
- 022: RELIABILITY FIX: July 14, 2016 All architectures
  Invalid file descriptor use with kevent(2) could lead to a kernel crash. *************** *** 318,324 **** A source code patch exists which remedies this problem.
  !
- 023: RELIABILITY FIX: July 14, 2016 All architectures
  Unchecked parameters and integer overflows in the amap allocation routines --- 318,324 ---- A source code patch exists which remedies this problem.
  !
- 023: RELIABILITY FIX: July 14, 2016 All architectures
  Unchecked parameters and integer overflows in the amap allocation routines *************** *** 329,335 **** A source code patch exists which remedies this problem.
  !
- 024: RELIABILITY FIX: July 25, 2016 All architectures
  When signaling an error to an HTTP relay client, the connection can be --- 329,335 ---- A source code patch exists which remedies this problem.
  !
- 024: RELIABILITY FIX: July 25, 2016 All architectures
  When signaling an error to an HTTP relay client, the connection can be *************** *** 339,345 **** A source code patch exists which remedies this problem.
  !
- 025: RELIABILITY FIX: August 2, 2016 All architectures --- 339,345 ---- A source code patch exists which remedies this problem.
  !
- 025: RELIABILITY FIX: August 2, 2016 All architectures *************** *** 350,356 **** A source code patch exists which remedies this problem.
  !
- 026: RELIABILITY FIX: August 2, 2016 All architectures --- 350,356 ---- A source code patch exists which remedies this problem.
  !
- 026: RELIABILITY FIX: August 2, 2016 All architectures *************** *** 361,367 **** A source code patch exists which remedies this problem.
  !
- 027: SECURITY FIX: August 6, 2016 All architectures --- 361,367 ---- A source code patch exists which remedies this problem.
  !
- 027: SECURITY FIX: August 6, 2016 All architectures *************** *** 374,380 **** A source code patch exists which remedies this problem.
  !
- 028: RELIABILITY FIX: August 6, 2016 All architectures --- 374,380 ---- A source code patch exists which remedies this problem.
  !
- 028: RELIABILITY FIX: August 6, 2016 All architectures