=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.475 retrieving revision 1.476 diff -c -r1.475 -r1.476 *** www/errata.html 2004/02/19 03:30:52 1.475 --- www/errata.html 2004/02/26 07:33:56 1.476 *************** *** 55,62 ****

All architectures

012: RELIABILITY FIX: February 14, 2004
Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be --- 55,62 ----
All architectures
- ! 012: RELIABILITY FIX: February 14, 2004
  Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be *************** *** 65,72 **** A source code patch exists which remedies the problem.
  
  ! !
- 011: SECURITY FIX: February 8, 2004
  An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports. --- 65,72 ---- A source code patch exists which remedies the problem.
  
  !
- ! 011: SECURITY FIX: February 8, 2004
  An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports. *************** *** 74,81 **** A source code patch exists which remedies the problem.
  
  ! !
- 010: SECURITY FIX: February 5, 2004
  A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory --- 74,81 ---- A source code patch exists which remedies the problem.
  
  !
- ! 010: SECURITY FIX: February 5, 2004
  A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory *************** *** 84,91 **** A source code patch exists which remedies the problem.
  
  ! !
- 009: SECURITY FIX: January 13, 2004
  Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also --- 84,91 ---- A source code patch exists which remedies the problem.
  
  !
- ! 009: SECURITY FIX: January 13, 2004
  Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also *************** *** 95,102 **** A source code patch exists which remedies these problems.
  
  ! !
- 008: RELIABILITY FIX: November 20, 2003
  An improper bounds check makes it possible for a local user to cause a crash by passing the semctl(2) and --- 95,102 ---- A source code patch exists which remedies these problems.
  
  !
- ! 008: RELIABILITY FIX: November 20, 2003
  An improper bounds check makes it possible for a local user to cause a crash by passing the semctl(2) and *************** *** 106,128 **** A source code patch exists which remedies the problem.
  
  ! !
- 007: RELIABILITY FIX: November 20, 2003
  It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
  A source code patch exists which remedies the problem.
  
  ! !
- 005: RELIABILITY FIX: November 4, 2003
  It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
  A source code patch exists which remedies the problem.
  
  ! !
- 004: RELIABILITY FIX: November 1, 2003
  A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) --- 106,128 ---- A source code patch exists which remedies the problem.
  
  !
- ! 007: RELIABILITY FIX: November 20, 2003
  It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
  A source code patch exists which remedies the problem.
  
  !
- ! 005: RELIABILITY FIX: November 4, 2003
  It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
  A source code patch exists which remedies the problem.
  
  !
- ! 004: RELIABILITY FIX: November 1, 2003
  A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) *************** *** 132,146 **** A source code patch exists which remedies the problem.
  
  ! !
- 003: RELIABILITY FIX: November 1, 2003
  It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
  A source code patch exists which remedies the problem.
  
  ! !
- 002: SECURITY FIX: November 1, 2003
  The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). --- 132,146 ---- A source code patch exists which remedies the problem.
  
  !
- ! 003: RELIABILITY FIX: November 1, 2003
  It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
  A source code patch exists which remedies the problem.
  
  !
- ! 002: SECURITY FIX: November 1, 2003
  The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). *************** *** 148,155 **** A source code patch exists which remedies the problem.
  
  ! !
- 001: DOCUMENTATION FIX: November 1, 2003
  The CD insert documentation has an incorrect example for package installation.
  Where it is written:
  --- 148,155 ---- A source code patch exists which remedies the problem.
  
  !
- ! 001: DOCUMENTATION FIX: November 1, 2003
  The CD insert documentation has an incorrect example for package installation.
  Where it is written:
  *************** *** 258,264 ****
  www@openbsd.org !
  $OpenBSD: errata.html,v 1.475 2004/02/19 03:30:52 nick Exp $ --- 258,264 ----
  www@openbsd.org !
  $OpenBSD: errata.html,v 1.476 2004/02/26 07:33:56 david Exp $