=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata59.html,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- www/errata59.html 2016/10/13 15:27:41 1.28 +++ www/errata59.html 2016/10/16 19:11:30 1.29 @@ -69,7 +69,7 @@
- + You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.

@@ -89,13 +89,13 @@

  • 001: SECURITY FIX: March 10, 2016   All architectures
    - + Lack of credential sanitization allows injection of commands to xauth(1).
    Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default)
    - + A source code patch exists which remedies this problem.

    @@ -106,7 +106,7 @@ processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
    - + A source code patch exists which remedies this problem.

    @@ -116,7 +116,7 @@ Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs.
    - + A source code patch exists which remedies this problem.

    @@ -125,7 +125,7 @@   All architectures
    A problem in m_dup_pkt() can result in kernel crashes with carp(4).
    - + A source code patch exists which remedies this problem.

    @@ -141,7 +141,7 @@

  • EVP_EncryptUpdate overflow (CVE-2016-2106)
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109) - + A source code patch exists which remedies this problem.

    @@ -153,7 +153,7 @@

  • Fix logic issue in smtp state machine that can lead to invalid state and result in crash.
  • Plug file pointer leak that can lead to resources exhaustion and result in crash. - + A source code patch exists which remedies this problem.

    @@ -163,7 +163,7 @@ Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel memory contents to a local user.
    - + A source code patch exists which remedies this problem.

    @@ -172,7 +172,7 @@   All architectures
    Fix issue in the bnx(4) ethernet driver that could cause data corruption.
    - + A source code patch exists which remedies this problem.

    @@ -181,7 +181,7 @@   All architectures
    Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
    - + A source code patch exists which remedies this problem.

    @@ -191,7 +191,7 @@ Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
    - + A source code patch exists which remedies this problem.

    @@ -201,7 +201,7 @@ Correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
    - + A source code patch exists which remedies this problem.

    @@ -210,7 +210,7 @@   All architectures
    Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
    - + A source code patch exists which remedies this problem.

    @@ -219,7 +219,7 @@   All architectures
    Splicing sockets in a loop could cause a kernel spin.
    - + A source code patch exists which remedies this problem.

    @@ -229,7 +229,7 @@ Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.
    - + A source code patch exists which remedies this problem.

    @@ -238,7 +238,7 @@   All architectures
    ufs_readdir failed to limit size of memory allocation, leading to panics.
    - + A source code patch exists which remedies this problem.

    @@ -248,7 +248,7 @@ The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.
    - + A source code patch exists which remedies this problem.

    @@ -258,7 +258,7 @@ A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.
    - + A source code patch exists which remedies this problem.

    @@ -267,7 +267,7 @@   All architectures
    Tick counting overflows could cause a kernel crash.
    - + A source code patch exists which remedies this problem.

    @@ -276,7 +276,7 @@   All architectures
    Invalid file descriptor use with kevent(2) could lead to a kernel crash.
    - + A source code patch exists which remedies this problem.

    @@ -287,7 +287,7 @@ could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.
    - + A source code patch exists which remedies this problem.

    @@ -297,7 +297,7 @@ When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.
    - + A source code patch exists which remedies this problem.

    @@ -308,7 +308,7 @@
    A missing NULL check in sysctl code results in a crash.
    - + A source code patch exists which remedies this problem.

    @@ -319,7 +319,7 @@
    Missing overflow checks in uvm may result in panics.
    - + A source code patch exists which remedies this problem.

    @@ -332,7 +332,7 @@ See the perl5-porters announcement for details.
    - + A source code patch exists which remedies this problem.

    @@ -344,7 +344,7 @@ Improve relayd's parsing of the Host-header by following RFC 7230 Section 5.4 more strictly.
    - + A source code patch exists which remedies this problem.

    @@ -355,7 +355,7 @@
    Limit the number of wscons fonts that can be loaded into the kernel.
    - + A source code patch exists which remedies this problem.

    @@ -367,7 +367,7 @@ Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
    - + A source code patch exists which remedies this problem.

    @@ -378,7 +378,7 @@
    Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
    - + A source code patch exists which remedies this problem.

    @@ -390,7 +390,7 @@ Fix a number of issues in the way various X client libraries handle server responses.
    - + A source code patch exists which remedies this problem.