=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.573 retrieving revision 1.574 diff -c -r1.573 -r1.574 *** www/errata.html 2006/11/01 08:30:16 1.573 --- www/errata.html 2006/11/04 03:02:28 1.574 *************** *** 75,80 **** --- 75,122 ----

+ 003: SECURITY FIX: October 7, 2006 All architectures
+ Fix for an integer overflow in + systrace(4)'s + STRIOCREPLACE support, found by + Chris Evans. This could be exploited for DoS, limited kmem reads or local + privilege escalation. +
+ + A source code patch exists which remedies this problem.
+
+ +
+ 002: SECURITY FIX: October 7, 2006 All architectures
+ Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 + structures an error condition is mishandled, possibly resulting in an infinite + loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL + pointer may be dereferenced in the SSL version 2 client code. In addition, many + applications using OpenSSL do not perform any validation of the lengths of + public keys being used. + CVE-2006-2937, + CVE-2006-3738, + CVE-2006-4343, + CVE-2006-2940 +
+ + + A source code patch exists which remedies this problem.
+
+ +
+ 001: SECURITY FIX: October 7, 2006 All architectures
+ httpd(8) + does not sanitize the Expect header from an HTTP request when it is + reflected back in an error message, which might allow cross-site scripting (XSS) + style attacks. + CVE-2006-3918 + +
+ + A source code patch exists which remedies this problem.
+

*************** *** 108,114 ****

www@openbsd.org !
$OpenBSD: errata.html,v 1.573 2006/11/01 08:30:16 steven Exp $ --- 150,156 ----

www@openbsd.org !
$OpenBSD: errata.html,v 1.574 2006/11/04 03:02:28 brad Exp $