=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.268 retrieving revision 1.269 diff -c -r1.268 -r1.269 *** www/errata.html 2000/09/18 17:00:13 1.268 --- www/errata.html 2000/10/03 22:44:53 1.269 *************** *** 40,45 **** --- 40,57 ----

All architectures

025: SECURITY FIX: Oct 3, 2000
+ A format string vulnerability exists in the pw_error(3) function. This + manifests itself as a security hole in the chpass utility. As a workaround + which disables its functionality, do +
```
+ # chmod u-s /usr/bin/chpass
+ 
```
+
+ + A source code patch exists which remedies this problem. +
024: SECURITY FIX: Sep 18, 2000
Bad ESP/AH packets could cause a crash under certain conditions. *************** *** 49,55 ****
023: SECURITY FIX: Aug 16, 2000
A format string vulnerability exists in xlock. As a workaround which disables ! it's functionality, do
```
  # chmod u-s /usr/X11R6/bin/xlock
  
```
--- 61,67 ----
023: SECURITY FIX: Aug 16, 2000
A format string vulnerability exists in xlock. As a workaround which disables ! its functionality, do
```
  # chmod u-s /usr/X11R6/bin/xlock
  
```
*************** *** 369,375 **** www@openbsd.org !
$OpenBSD: errata.html,v 1.268 2000/09/18 17:00:13 jason Exp $ --- 381,387 ---- www@openbsd.org !
$OpenBSD: errata.html,v 1.269 2000/10/03 22:44:53 millert Exp $