=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.459 retrieving revision 1.460 diff -c -r1.459 -r1.460 *** www/errata.html 2003/10/30 23:23:48 1.459 --- www/errata.html 2003/10/31 01:28:11 1.460 *************** *** 55,60 **** --- 55,84 ----

All architectures

004: RELIABILITY FIX: October 29, 2003
+ A user with write permission to httpd.conf or a .htaccess + file can crash + httpd(8) + or potentially run arbitrary code as the user www (although it + is believed that ProPolice will prevent code execution). +
+ A source code patch exists which remedies the problem.
+
+ +
003: RELIABILITY FIX: October 1, 2003
+ It is possible for a local user to cause a system panic by flooding it with spoofed ARP + requests.
+ A source code patch exists which remedies the problem.
+
+ +
002: SECURITY FIX: October 1, 2003
+ The use of certain ASN.1 encodings or malformed public keys may allow an + attacker to mount a denial of service attack against applications linked with + ssl(3). + This does not affect OpenSSH.
+ A source code patch exists which remedies the problem.
+
001: DOCUMENTATION FIX: November 1, 2003
The CD insert documentation has an incorrect example for package installation.
*************** *** 154,160 ****
www@openbsd.org !
$OpenBSD: errata.html,v 1.459 2003/10/30 23:23:48 deraadt Exp $ --- 178,184 ----
www@openbsd.org !
$OpenBSD: errata.html,v 1.460 2003/10/31 01:28:11 margarida Exp $