===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.565
retrieving revision 1.566
diff -c -r1.565 -r1.566
*** www/errata.html 2006/09/27 10:37:09 1.565
--- www/errata.html 2006/10/07 18:07:36 1.566
***************
*** 74,79 ****
--- 74,118 ----
+ -
+ 014: SECURITY FIX: October 7, 2006 All architectures
+ Fix for an integer overflow in systrace's STRIOCREPLACE support, found by
+ Chris Evans. This could be exploited for DoS, limited kmem reads or local
+ privilege escalation.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 013: SECURITY FIX: October 7, 2006 All architectures
+ Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
+ structures an error condition is mishandled, possibly resulting in an infinite
+ loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
+ pointer may be dereferenced in the SSL version 2 client code. In addition, many
+ applications using OpenSSL do not perform any validation of the lengths of
+ public keys being used.
+ CVE-2006-2937,
+ CVE-2006-3738,
+ CVE-2006-4343,
+ CVE-2006-2940
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 012: SECURITY FIX: October 7, 2006 All architectures
+ httpd(8)
+ does not sanitize the Expect header from an HTTP request when it is
+ reflected back in an error message, which might allow cross-site scripting (XSS)
+ style attacks.
+ CVE-2006-3918
+
+
+ A source code patch exists which remedies this problem.
+
+
-
011: SECURITY FIX: September 8, 2006 All architectures
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
***************
*** 238,244 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.565 2006/09/27 10:37:09 tom Exp $