Date: Thu, 30 Jun 2005 00:39:35 +0200 (CEST)
From: Daniel Gerzo <danger@rulez.sk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: danger@rulez.sk
Subject: www/82798: 4.11 and 5.4 errata pages need updating regarding to security advisores
Message-ID: <20050629223935.9E1051CC91@mail.rulez.sk>
Resent-Message-ID: <200506292240.j5TMe0mq016012@freefall.freebsd.org>
>Number: 82798
>Category: www
>Synopsis: 4.11 and 5.4 errata pages need updating regarding to security advisores
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-www
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 29 22:40:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Daniel Gerzo
>Release: FreeBSD 5.4
>Organization: rulez.sk
>Environment:
System: FreeBSD daemon.rulez.sk 5.4 FreeBSD 5.4 #2: Fri May 27 23:16:31 CEST 2005 danger@daemon.rulez.sk:/usr/obj/usr/src/sys/daemon i386
>Description:
The errata pages for the FreeBSD 5.4 and 4.11 releases are outdated with regard to new security advisories. This patch fixes the problem. Also, the 5.4 pages contained the bind9 SA, but the 5.4 release isn't affected by it.
>How-To-Repeat:
check:
http://www.freebsd.org/releases/4.11R/errata.html
http://www.freebsd.org/releases/5.4R/errata.html
>Fix:
here are diffs:
--- article.5.4.sgml.diff begins here --- --- article.5.4.sgml.orig Fri Jun 24 10:52:41 2005 +++ article.5.4.sgml Thu Jun 30 00:16:50 2005
@@ -113,6 +113,55 @@ <tbody> <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc" + >SA-05:02.sendfile</ulink></entry> + <entry>4 April 2005</entry> + <entry><para>sendfile kernel memory disclosure</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc" + >SA-05:03.amd64</ulink></entry> + <entry>6 April 2005</entry> + <entry><para>unprivileged hardware access on amd64</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc" + >SA-05:04.ifconf</ulink></entry> + <entry>15 April 2005</entry> + <entry><para>Kernel memory disclosure in ifconf()</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc" + >SA-05:05.cvs</ulink></entry> + <entry>22 April 2005</entry> + <entry><para>Multiple vulnerabilities in CVS</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc" + >SA-05:06.iir</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Incorrect permissions on /dev/iir</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc" + >SA-05:07.ldt</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Local kernel memory disclosure in i386_get_ldt</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc" + >SA-05:08.kmem</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Local kernel memory disclosure</para></entry> + </row> + + <row> <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc" >SA-05:09.htt</ulink></entry> <entry>22 May 2005</entry> 
@@ -134,10 +183,24 @@ </row> <row> - <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc" - >SA-05:12.bind9</ulink></entry> - <entry>9 Jun 2005</entry> - <entry><para>BIND 9 DNSSEC remote denial of service vulnerability</para></entry> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc" + >SA-05:13.ipfw</ulink></entry> + <entry>29 Jun 2005</entry> + <entry><para>ipfw packet matching errors with address tables</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc" + >SA-05:14.bzip2</ulink></entry> + <entry>29 Jun 2005</entry> + <entry><para>bzip2 denial of service and permission race vulnerabilities</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" + >SA-05:15.tcp</ulink></entry> + <entry>29 Jun 2005</entry> + <entry><para>TCP connection stall denial of service</para></entry> </row> </tbody> </tgroup> --- article.5.4.sgml.diff ends here --- --- article.4.11.sgml.diff begins here --- --- article.4.11.sgml.orig Fri Jan 21 03:52:23 2005 +++ article.4.11.sgml Thu Jun 30 00:21:42 2005 
@@ -115,14 +115,103 @@ <sect1> <title>Security Advisories</title> -<![ %release.type.release [ - <para>No active security advisories.</para> -]]> - -<![ %release.type.snapshot [ - <para>No active security advisories.</para> -]]> + <para>The following security advisories pertain to &os; &release.branch;. + For more information, consult the individual advisories available from + <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/"></ulink>.</para> + <informaltable frame="none" pgwide="0"> + <tgroup cols="3"> + <colspec colwidth="1*"> + <colspec colwidth="1*"> + <colspec colwidth="3*"> + <thead> + <row> + <entry>Advisory</entry> + <entry>Date</entry> + <entry>Topic</entry> + </row> + </thead> + + <tbody> + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc" + >SA-05:01.telnet</ulink></entry> + <entry>28 March 2005</entry> + <entry><para>telnet client buffer overflows</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc" + >SA-05:02.sendfile</ulink></entry> + <entry>4 April 2005</entry> + <entry><para>sendfile kernel memory disclosure</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc" + >SA-05:04.ifconf</ulink></entry> + <entry>15 April 2005</entry> + <entry><para>Kernel memory disclosure in ifconf()</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc" + >SA-05:05.cvs</ulink></entry> + <entry>22 April 2005</entry> + <entry><para>Multiple vulnerabilities in CVS</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc" + >SA-05:06.iir</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Incorrect permissions on /dev/iir</para></entry> + </row> + + <row> + <entry><ulink 
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc" + >SA-05:07.ldt</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Local kernel memory disclosure in i386_get_ldt</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc" + >SA-05:08.kmem</ulink></entry> + <entry>6 May 2005</entry> + <entry><para>Local kernel memory disclosure</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc" + >SA-05:09.htt</ulink></entry> + <entry>13 May 2005</entry> + <entry><para>information disclosure when using HTT</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc" + >SA-05:11.gzip</ulink></entry> + <entry>9 June 2005</entry> + <entry><para>gzip directory traversal and permission race vulnerabilities</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc" + >SA-05:14.bzip2</ulink></entry> + <entry>29 June 2005</entry> + <entry><para>bzip2 denial of service and permission race vulnerabilities</para></entry> + </row> + + <row> + <entry><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" + >SA-05:15.tcp</ulink></entry> + <entry>29 June 2005</entry> + <entry><para>TCP connection stall denial of service</para></entry> + </row> + </tbody> + </tgroup> + </informaltable> </sect1> <sect1> --- article.4.11.sgml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
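Review bot: The seven rows added ahead of SA-05:09.htt in the first article.5.4.sgml hunk (SA-05:02.sendfile through SA-05:08.kmem, dated 4 April to 6 May 2005) are not justified anywhere in the PR, while the description removes SA-05:12.bind9 precisely because 5.4 is not affected by it. Please confirm against each advisory's list of affected and corrected versions that 5.4-RELEASE as shipped is actually affected, and drop any row that does not apply, so the table does not end up overstated in the other direction.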
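Review bot: The three rows added in the second article.5.4.sgml hunk write the date as "29 Jun 2005", whereas the rows added in the first hunk use full month names ("4 April 2005") and the article.4.11.sgml patch gives the same advisories as "29 June 2005". Suggest one form throughout, for example "29 June 2005" for SA-05:13.ipfw, SA-05:14.bzip2 and SA-05:15.tcp. The hunk also drops the SA-05:12.bind9 row by overwriting it in place; the reason is given only in the PR description, so it should be repeated in the commit message.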
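Review bot: The SA-05:09.htt row in the article.4.11.sgml hunk is dated "13 May 2005", but the unchanged context row for the same advisory in article.5.4.sgml reads "22 May 2005", so one of the two is wrong. Check the date in FreeBSD-SA-05:09.htt.asc and make both errata pages agree. Separately, the hunk removes both the %release.type.release and %release.type.snapshot marked sections and replaces them with a single unconditional table; that is fine if the same list is meant for both build types, but it is worth stating in the commit message.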