=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata59.html,v retrieving revision 1.28 retrieving revision 1.29 diff -c -r1.28 -r1.29 *** www/errata59.html 2016/10/13 15:27:41 1.28 --- www/errata59.html 2016/10/16 19:11:30 1.29 *************** *** 69,75 ****

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

--- 69,75 ----

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

*************** *** 89,101 ****

001: SECURITY FIX: March 10, 2016 All architectures
! Lack of credential sanitization allows injection of commands to xauth(1).
Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default)
! A source code patch exists which remedies this problem.

--- 89,101 ----

*************** *** 106,112 **** processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
! A source code patch exists which remedies this problem.

--- 106,112 ---- processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
! A source code patch exists which remedies this problem.

*************** *** 116,122 **** Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs.
! A source code patch exists which remedies this problem.

--- 116,122 ---- Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs.
! A source code patch exists which remedies this problem.

*************** *** 125,131 **** All architectures
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
! A source code patch exists which remedies this problem.

--- 125,131 ---- All architectures
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
! A source code patch exists which remedies this problem.

*************** *** 141,147 ****

EVP_EncryptUpdate overflow (CVE-2016-2106)

ASN.1 BIO excessive memory allocation (CVE-2016-2109) ! A source code patch exists which remedies this problem.

--- 141,147 ----

EVP_EncryptUpdate overflow (CVE-2016-2106)

ASN.1 BIO excessive memory allocation (CVE-2016-2109) ! A source code patch exists which remedies this problem.

*************** *** 153,159 ****

Fix logic issue in smtp state machine that can lead to invalid state and result in crash.

Plug file pointer leak that can lead to resources exhaustion and result in crash. ! A source code patch exists which remedies this problem.

--- 153,159 ----

Fix logic issue in smtp state machine that can lead to invalid state and result in crash.

Plug file pointer leak that can lead to resources exhaustion and result in crash. ! A source code patch exists which remedies this problem.

*************** *** 163,169 **** Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel memory contents to a local user.
! A source code patch exists which remedies this problem.

--- 163,169 ---- Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel memory contents to a local user.
! A source code patch exists which remedies this problem.

*************** *** 172,178 **** All architectures
Fix issue in the bnx(4) ethernet driver that could cause data corruption.
! A source code patch exists which remedies this problem.

--- 172,178 ---- All architectures
Fix issue in the bnx(4) ethernet driver that could cause data corruption.
! A source code patch exists which remedies this problem.

*************** *** 181,187 **** All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
! A source code patch exists which remedies this problem.

--- 181,187 ---- All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
! A source code patch exists which remedies this problem.

*************** *** 191,197 **** Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
! A source code patch exists which remedies this problem.

--- 191,197 ---- Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
! A source code patch exists which remedies this problem.

*************** *** 201,207 **** Correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
! A source code patch exists which remedies this problem.

--- 201,207 ---- Correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
! A source code patch exists which remedies this problem.

*************** *** 210,216 **** All architectures
Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
! A source code patch exists which remedies this problem.

--- 210,216 ---- All architectures
Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
! A source code patch exists which remedies this problem.

*************** *** 219,225 **** All architectures
Splicing sockets in a loop could cause a kernel spin.
! A source code patch exists which remedies this problem.

--- 219,225 ---- All architectures
Splicing sockets in a loop could cause a kernel spin.
! A source code patch exists which remedies this problem.

*************** *** 229,235 **** Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.
! A source code patch exists which remedies this problem.

--- 229,235 ---- Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.
! A source code patch exists which remedies this problem.

*************** *** 238,244 **** All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
! A source code patch exists which remedies this problem.

--- 238,244 ---- All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
! A source code patch exists which remedies this problem.

*************** *** 248,254 **** The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.
! A source code patch exists which remedies this problem.

--- 248,254 ---- The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.
! A source code patch exists which remedies this problem.

*************** *** 258,264 **** A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.
! A source code patch exists which remedies this problem.

--- 258,264 ---- A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.
! A source code patch exists which remedies this problem.

*************** *** 267,273 **** All architectures
Tick counting overflows could cause a kernel crash.
! A source code patch exists which remedies this problem.

--- 267,273 ---- All architectures
Tick counting overflows could cause a kernel crash.
! A source code patch exists which remedies this problem.

*************** *** 276,282 **** All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
! A source code patch exists which remedies this problem.

--- 276,282 ---- All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
! A source code patch exists which remedies this problem.

*************** *** 287,293 **** could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.
! A source code patch exists which remedies this problem.

--- 287,293 ---- could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.
! A source code patch exists which remedies this problem.

*************** *** 297,303 **** When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.
! A source code patch exists which remedies this problem.

--- 297,303 ---- When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.
! A source code patch exists which remedies this problem.

*************** *** 308,314 ****
A missing NULL check in sysctl code results in a crash.
! A source code patch exists which remedies this problem.

--- 308,314 ----
A missing NULL check in sysctl code results in a crash.
! A source code patch exists which remedies this problem.

*************** *** 319,325 ****
Missing overflow checks in uvm may result in panics.
! A source code patch exists which remedies this problem.

--- 319,325 ----
Missing overflow checks in uvm may result in panics.
! A source code patch exists which remedies this problem.

*************** *** 332,338 **** See the perl5-porters announcement for details.
! A source code patch exists which remedies this problem.

--- 332,338 ---- See the perl5-porters announcement for details.
! A source code patch exists which remedies this problem.

*************** *** 344,350 **** Improve relayd's parsing of the Host-header by following RFC 7230 Section 5.4 more strictly.
! A source code patch exists which remedies this problem.

--- 344,350 ---- Improve relayd's parsing of the Host-header by following RFC 7230 Section 5.4 more strictly.
! A source code patch exists which remedies this problem.

*************** *** 355,361 ****
Limit the number of wscons fonts that can be loaded into the kernel.
! A source code patch exists which remedies this problem.

--- 355,361 ----
Limit the number of wscons fonts that can be loaded into the kernel.
! A source code patch exists which remedies this problem.

*************** *** 367,373 **** Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
! A source code patch exists which remedies this problem.

--- 367,373 ---- Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
! A source code patch exists which remedies this problem.

*************** *** 378,384 ****
Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
! A source code patch exists which remedies this problem.

--- 378,384 ----
Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
! A source code patch exists which remedies this problem.

*************** *** 390,396 **** Fix a number of issues in the way various X client libraries handle server responses.
! A source code patch exists which remedies this problem.

--- 390,396 ---- Fix a number of issues in the way various X client libraries handle server responses.
! A source code patch exists which remedies this problem.