===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.563
retrieving revision 1.564
diff -c -r1.563 -r1.564
*** www/errata.html 2006/09/09 03:04:22 1.563
--- www/errata.html 2006/09/09 13:05:53 1.564
***************
*** 106,112 ****
009: SECURITY FIX: September 2, 2006 All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
! sppp(4)
connection causing the kernel to panic.
CVE-2006-4304
--- 106,112 ----
009: SECURITY FIX: September 2, 2006 All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
! sppp(4)
connection causing the kernel to panic.
CVE-2006-4304
***************
*** 117,125 ****
008: SECURITY FIX: August 25, 2006 All architectures
A problem in
! isakmpd(8)
caused IPsec to run partly without replay protection. If
! isakmpd(8)
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
replay counter.
--- 117,125 ----
008: SECURITY FIX: August 25, 2006 All architectures
A problem in
! isakmpd(8)
caused IPsec to run partly without replay protection. If
! isakmpd(8)
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
replay counter.
***************
*** 140,148 ****
006: SECURITY FIX: August 25, 2006 All architectures
Due to an off-by-one error in
! dhcpd(8),
it is possible to cause
! dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
CVE-2006-3122
--- 140,148 ----
006: SECURITY FIX: August 25, 2006 All architectures
Due to an off-by-one error in
! dhcpd(8),
it is possible to cause
! dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
CVE-2006-3122
***************
*** 162,169 ****
004: SECURITY FIX: July 30, 2006 All architectures
! httpd(8)
! 's mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration files,
could be triggered remotely. The default install is not affected by the
--- 162,169 ----
004: SECURITY FIX: July 30, 2006 All architectures
! httpd(8)'s
! mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration files,
could be triggered remotely. The default install is not affected by the
***************
*** 239,245 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.563 2006/09/09 03:04:22 brad Exp $