===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.510
retrieving revision 1.511
diff -c -r1.510 -r1.511
*** www/errata.html 2004/09/16 23:09:48 1.510
--- www/errata.html 2004/09/21 16:32:37 1.511
***************
*** 56,61 ****
--- 56,72 ----
All architectures
+ -
+ 020: SECURITY FIX: September 20, 2004
+ Eilko Bos reported that radius authentication, as implemented by
+ login_radius(8),
+ was not checking the shared secret used for replies sent by the radius server.
+ This could allow an attacker to spoof a reply granting access to the
+ attacker. Note that OpenBSD does not ship with radius authentication enabled.
+
+
+ A source code patch exists which remedies this problem.
+
-
019: SECURITY FIX: September 16, 2004
Chris Evans reported several flaws (stack and integer overflows) in the
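Review bot: In the new 020 entry, "was not checking the shared secret used for replies" is loose about what was skipped. What goes unverified is that a reply was actually produced by a holder of the shared secret, so wording such as "did not verify that replies from the radius server were authenticated with the shared secret" would state the flaw more precisely. The entry also notes that radius authentication is not enabled by default but says nothing to sites that have enabled login_radius(8); one sentence telling those sites to apply the patch would make the impact statement actionable.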
***************
*** 371,377 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.510 2004/09/16 23:09:48 brad Exp $