===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata59.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- www/errata59.html 2016/10/13 15:27:41 1.28
+++ www/errata59.html 2016/10/16 19:11:30 1.29
@@ -69,7 +69,7 @@
@@ -89,13 +89,13 @@
@@ -106,7 +106,7 @@
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
-
+
A source code patch exists which remedies this problem.
@@ -116,7 +116,7 @@
Incorrect path processing in pledge_namei() could result in unexpected
program termination of pledge(2)'d programs.
-
+
A source code patch exists which remedies this problem.
@@ -125,7 +125,7 @@
All architectures
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
-
+
A source code patch exists which remedies this problem.
@@ -141,7 +141,7 @@
@@ -153,7 +153,7 @@
@@ -163,7 +163,7 @@
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
-
+
A source code patch exists which remedies this problem.
@@ -172,7 +172,7 @@
All architectures
Fix issue in the bnx(4) ethernet driver that could cause data corruption.
-
+
A source code patch exists which remedies this problem.
@@ -181,7 +181,7 @@
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
-
+
A source code patch exists which remedies this problem.
@@ -191,7 +191,7 @@
Fix issues in the libexpat library to prevent multiple integer and
buffer overflows.
-
+
A source code patch exists which remedies this problem.
@@ -201,7 +201,7 @@
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
-
+
A source code patch exists which remedies this problem.
@@ -210,7 +210,7 @@
All architectures
Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
-
+
A source code patch exists which remedies this problem.
@@ -219,7 +219,7 @@
All architectures
Splicing sockets in a loop could cause a kernel spin.
-
+
A source code patch exists which remedies this problem.
@@ -229,7 +229,7 @@
Multiple processes exiting with a fd-passing control message on a
shared socket could crash the system.
-
+
A source code patch exists which remedies this problem.
@@ -238,7 +238,7 @@
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
-
+
A source code patch exists which remedies this problem.
@@ -248,7 +248,7 @@
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
-
+
A source code patch exists which remedies this problem.
@@ -258,7 +258,7 @@
A race occuring in the unlocked ARP input path can lead to a kernel
NULL dereference.
-
+
A source code patch exists which remedies this problem.
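Review bot: "occuring" in the first context line of this hunk ("A race occuring in the unlocked ARP input path") is misspelled and should read "occurring". The revision already touches this entry, so the spelling fix could go in with it.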
@@ -267,7 +267,7 @@
All architectures
Tick counting overflows could cause a kernel crash.
-
+
A source code patch exists which remedies this problem.
@@ -276,7 +276,7 @@
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
-
+
A source code patch exists which remedies this problem.
@@ -287,7 +287,7 @@
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
-
+
A source code patch exists which remedies this problem.
@@ -297,7 +297,7 @@
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
-
+
A source code patch exists which remedies this problem.
@@ -308,7 +308,7 @@
A missing NULL check in sysctl code results in a crash.
-
+
A source code patch exists which remedies this problem.
@@ -319,7 +319,7 @@
Missing overflow checks in uvm may result in panics.
-
+
A source code patch exists which remedies this problem.
@@ -332,7 +332,7 @@
See the
perl5-porters announcement for details.
-
+
A source code patch exists which remedies this problem.
@@ -344,7 +344,7 @@
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
-
+
A source code patch exists which remedies this problem.
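Review bot: "Host-header" in the context line "Improve relayd's parsing of the Host-header by following RFC 7230" is hyphenated, whereas RFC 7230 Section 5.4 refers to the "Host header field". Suggest "Host header" so the entry matches the wording of the specification it cites.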
@@ -355,7 +355,7 @@
Limit the number of wscons fonts that can be loaded into the kernel.
-
+
A source code patch exists which remedies this problem.
@@ -367,7 +367,7 @@
Avoid unbounded memory growth in libssl, which can be triggered by a TLS
client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
-
+
A source code patch exists which remedies this problem.
@@ -378,7 +378,7 @@
Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
-
+
A source code patch exists which remedies this problem.
@@ -390,7 +390,7 @@
Fix a number of issues in the way various X client libraries handle
server responses.
-
+
A source code patch exists which remedies this problem.