www/82798: 4.11 and 5.4 errata pages need updating regarding
security advisories
Daniel Gerzo
danger at rulez.sk
Wed Jun 29 22:40:03 GMT 2005
>Number: 82798
>Category: www
>Synopsis: 4.11 and 5.4 errata pages need updating regarding security advisories
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-www
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 29 22:40:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Daniel Gerzo
>Release: FreeBSD 5.4
>Organization:
rulez.sk
>Environment:
System: FreeBSD daemon.rulez.sk 5.4 FreeBSD 5.4 #2: Fri May 27 23:16:31 CEST 2005 danger at daemon.rulez.sk:/usr/obj/usr/src/sys/daemon i386
>Description:
The errata pages for the FreeBSD 5.4 and 4.11 releases are outdated with regard to new
security advisories. This patch fixes the problem. Also, the 5.4 pages contained
the bind9 SA, but the 5.4 release isn't affected by it.
>How-To-Repeat:
check:
http://www.freebsd.org/releases/4.11R/errata.html
http://www.freebsd.org/releases/5.4R/errata.html
>Fix:
Here are the diffs:
--- article.5.4.sgml.diff begins here ---
--- article.5.4.sgml.orig Fri Jun 24 10:52:41 2005
+++ article.5.4.sgml Thu Jun 30 00:16:50 2005
@@ -113,6 +113,55 @@
<tbody>
<row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc"
+ >SA-05:02.sendfile</ulink></entry>
+ <entry>4 April 2005</entry>
+ <entry><para>sendfile kernel memory disclosure</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc"
+ >SA-05:03.amd64</ulink></entry>
+ <entry>6 April 2005</entry>
+ <entry><para>unprivileged hardware access on amd64</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc"
+ >SA-05:04.ifconf</ulink></entry>
+ <entry>15 April 2005</entry>
+ <entry><para>Kernel memory disclosure in ifconf()</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc"
+ >SA-05:05.cvs</ulink></entry>
+ <entry>22 April 2005</entry>
+ <entry><para>Multiple vulnerabilities in CVS</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc"
+ >SA-05:06.iir</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Incorrect permissions on /dev/iir</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
+ >SA-05:07.ldt</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Local kernel memory disclosure in i386_get_ldt</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
+ >SA-05:08.kmem</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Local kernel memory disclosure</para></entry>
+ </row>
+
+ <row>
<entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc"
>SA-05:09.htt</ulink></entry>
<entry>22 May 2005</entry>
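Review bot: The seven rows added ahead of SA-05:09.htt (SA-05:02.sendfile through SA-05:08.kmem, dated 4 April to 6 May 2005) come with no statement that each one applies to the 5.4 release, while the PR description removes SA-05:12.bind9 from this same page precisely because 5.4 is not affected by it. Please confirm each of these against the Affects line of its advisory before adding it, SA-05:03.amd64 in particular since it is architecture-specific. Minor style point: the topic text mixes lower-case and capitalized openings ("sendfile kernel memory disclosure" next to "Kernel memory disclosure in ifconf()"); pick one form.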
@@ -134,10 +183,24 @@
</row>
<row>
- <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc"
- >SA-05:12.bind9</ulink></entry>
- <entry>9 Jun 2005</entry>
- <entry><para>BIND 9 DNSSEC remote denial of service vulnerability</para></entry>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc"
+ >SA-05:13.ipfw</ulink></entry>
+ <entry>29 Jun 2005</entry>
+ <entry><para>ipfw packet matching errors with address tables</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc"
+ >SA-05:14.bzip2</ulink></entry>
+ <entry>29 Jun 2005</entry>
+ <entry><para>bzip2 denial of service and permission race vulnerabilities</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
+ >SA-05:15.tcp</ulink></entry>
+ <entry>29 Jun 2005</entry>
+ <entry><para>TCP connection stall denial of service</para></entry>
</row>
</tbody>
</tgroup>
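Review bot: The three new rows use the abbreviated month "29 Jun 2005", while the rows added in the first hunk of this file spell the month out ("4 April 2005") and the 4.11 patch writes "29 June 2005" for the same advisories; use one date form throughout. Also, SA-05:12.bind9 is removed by overwriting its row with SA-05:13.ipfw, so the removal is easy to miss when reading the diff; the reason (5.4 is not affected) appears only in the PR description and should go into the commit message as well.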
--- article.5.4.sgml.diff ends here ---
--- article.4.11.sgml.diff begins here ---
--- article.4.11.sgml.orig Fri Jan 21 03:52:23 2005
+++ article.4.11.sgml Thu Jun 30 00:21:42 2005
@@ -115,14 +115,103 @@
<sect1>
<title>Security Advisories</title>
-<![ %release.type.release [
- <para>No active security advisories.</para>
-]]>
-
-<![ %release.type.snapshot [
- <para>No active security advisories.</para>
-]]>
+ <para>The following security advisories pertain to &os; &release.branch;.
+ For more information, consult the individual advisories available from
+ <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/"></ulink>.</para>
+ <informaltable frame="none" pgwide="0">
+ <tgroup cols="3">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <colspec colwidth="3*">
+ <thead>
+ <row>
+ <entry>Advisory</entry>
+ <entry>Date</entry>
+ <entry>Topic</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc"
+ >SA-05:01.telnet</ulink></entry>
+ <entry>28 March 2005</entry>
+ <entry><para>telnet client buffer overflows</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc"
+ >SA-05:02.sendfile</ulink></entry>
+ <entry>4 April 2005</entry>
+ <entry><para>sendfile kernel memory disclosure</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc"
+ >SA-05:04.ifconf</ulink></entry>
+ <entry>15 April 2005</entry>
+ <entry><para>Kernel memory disclosure in ifconf()</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc"
+ >SA-05:05.cvs</ulink></entry>
+ <entry>22 April 2005</entry>
+ <entry><para>Multiple vulnerabilities in CVS</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc"
+ >SA-05:06.iir</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Incorrect permissions on /dev/iir</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
+ >SA-05:07.ldt</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Local kernel memory disclosure in i386_get_ldt</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
+ >SA-05:08.kmem</ulink></entry>
+ <entry>6 May 2005</entry>
+ <entry><para>Local kernel memory disclosure</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc"
+ >SA-05:09.htt</ulink></entry>
+ <entry>13 May 2005</entry>
+ <entry><para>information disclosure when using HTT</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc"
+ >SA-05:11.gzip</ulink></entry>
+ <entry>9 June 2005</entry>
+ <entry><para>gzip directory traversal and permission race vulnerabilities</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc"
+ >SA-05:14.bzip2</ulink></entry>
+ <entry>29 June 2005</entry>
+ <entry><para>bzip2 denial of service and permission race vulnerabilities</para></entry>
+ </row>
+
+ <row>
+ <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
+ >SA-05:15.tcp</ulink></entry>
+ <entry>29 June 2005</entry>
+ <entry><para>TCP connection stall denial of service</para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
</sect1>
<sect1>
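Review bot: The SA-05:09.htt row is dated "13 May 2005" here, but the existing row for the same advisory in article.5.4.sgml reads "22 May 2005"; one of the two is wrong, so check the advisory and make both pages agree. The list also skips SA-05:03, SA-05:10, SA-05:12 and SA-05:13 without comment; if they were left out because 4.11 is not affected, say so in the PR. The hunk additionally replaces both the %release.type.release and %release.type.snapshot marked sections with one unconditional table, which is fine only if snapshot builds are meant to show the same list.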
--- article.4.11.sgml.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: