=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus41.html,v retrieving revision 1.4 retrieving revision 1.5 diff -c -r1.4 -r1.5 *** www/plus41.html 2007/03/08 17:58:54 1.4 --- www/plus41.html 2007/03/13 01:44:49 1.5 *************** *** 921,927 ****
  • Various binutils and gcc(1) additions to handle 32-bit SuperH cpus.
  • In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules. !
  • SECURITY FIX: Integer overflow in systrace(4)'s STRIOCREPLACE support. This could be exploited for DoS, limited kmem reads or local privilege escalation.
    A source code patch is available.
    [Applied to stable]
  • Update OpenSSH to 4.4.
  • Always allow read-only opens on (s)vnd devices, despite the type of the first open (svnd vs vnd). --- 921,927 ----
  • Various binutils and gcc(1) additions to handle 32-bit SuperH cpus.
  • In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules. !
  • SECURITY FIX: Integer overflow in systrace(4)'s STRIOCREPLACE support. This could be exploited for DoS, limited kmem reads or local privilege escalation.
    A source code patch is available.
    [Applied to stable]
  • Update OpenSSH to 4.4.
  • Always allow read-only opens on (s)vnd devices, despite the type of the first open (svnd vs vnd). *************** *** 930,936 ****
  • Fix for write(1) to handle cases where the utmp file is missing.
  • Fixes for pci(4) where unit numbers do not match PCI Bus number.
  • SECURITY FIX: Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.
    ! A source code patch is available.
    [Applied to stable]
  • Use 64 bit daddr type for physical block numbers in the filesystem code. --- 930,936 ----
  • Fix for write(1) to handle cases where the utmp file is missing.
  • Fixes for pci(4) where unit numbers do not match PCI Bus number.
  • SECURITY FIX: Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.
    ! A source code patch is available.
    [Applied to stable]
  • Use 64 bit daddr type for physical block numbers in the filesystem code. *************** *** 1062,1068 ****
    OpenBSD www@openbsd.org !
    $OpenBSD: plus41.html,v 1.4 2007/03/08 17:58:54 jasper Exp $ --- 1062,1068 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: plus41.html,v 1.5 2007/03/13 01:44:49 deraadt Exp $