分页: 1 / 1

OpenBSD 4.8补丁发放提示(17日发布了两个补丁)

发表于 : 2010-12-20 14:23
leo
原始页面:http://www.openbsd.org/errata48.html


The patches below are available in CVS via the OPENBSD_4_8 patch branch.
For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.
  • 006: RELIABILITY FIX: December 17, 2010 All architectures
    Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers (glxsb(4), hifn(4), safe(4) and ubsec(4)).
    A source code patch exists which remedies this problem.
  • 005: SECURITY FIX: December 17, 2010 All architectures
    Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.
    A source code patch exists which remedies this problem.
  • 004: RELIABILITY FIX: November 17, 2010 All architectures
    Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.
    A source code patch exists which remedies this problem.
  • 003: RELIABILITY FIX: November 16, 2010 All architectures
    The vr(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
    A source code patch exists which remedies this problem.
  • 002: RELIABILITY FIX: November 16, 2010 All architectures
    Certain PCI based hardware may improperly announce their Base Address Registers as prefetchable even though they are not. This may cause unpredictable effects due to wrongly mapped memory.
    A source code patch exists which remedies this problem.
  • 001: RELIABILITY FIX: November 16, 2010 All architectures
    Uninitialized memory may force the RDE into route-collector mode on startup and may prevent bgpd from updating or announcing any routes.
    A source code patch exists which remedies this problem.