===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.459
retrieving revision 1.460
diff -c -r1.459 -r1.460
*** www/errata.html 2003/10/30 23:23:48 1.459
--- www/errata.html 2003/10/31 01:28:11 1.460
***************
*** 55,60 ****
--- 55,84 ----
All architectures
+
+ - 004: RELIABILITY FIX: October 29, 2003
+ A user with write permission to httpd.conf or a .htaccess
+ file can crash
+ httpd(8)
+ or potentially run arbitrary code as the user www (although it
+ is believed that ProPolice will prevent code execution).
+
+ A source code patch exists which remedies the problem.
+
+
+
- 003: RELIABILITY FIX: October 1, 2003
+ It is possible for a local user to cause a system panic by flooding it with spoofed ARP
+ requests.
+ A source code patch exists which remedies the problem.
+
+
+
- 002: SECURITY FIX: October 1, 2003
+ The use of certain ASN.1 encodings or malformed public keys may allow an
+ attacker to mount a denial of service attack against applications linked with
+ ssl(3).
+ This does not affect OpenSSH.
+ A source code patch exists which remedies the problem.
+
- 001: DOCUMENTATION FIX: November 1, 2003
The CD insert documentation has an incorrect example for package installation.
***************
*** 154,160 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.459 2003/10/30 23:23:48 deraadt Exp $