===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.573
retrieving revision 1.574
diff -c -r1.573 -r1.574
*** www/errata.html 2006/11/01 08:30:16 1.573
--- www/errata.html 2006/11/04 03:02:28 1.574
***************
*** 75,80 ****
--- 75,122 ----
+ -
+ 003: SECURITY FIX: October 7, 2006 All architectures
+ Fix for an integer overflow in
+ systrace(4)'s
+ STRIOCREPLACE support, found by
+ Chris Evans. This could be exploited for DoS, limited kmem reads or local
+ privilege escalation.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 002: SECURITY FIX: October 7, 2006 All architectures
+ Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
+ structures an error condition is mishandled, possibly resulting in an infinite
+ loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
+ pointer may be dereferenced in the SSL version 2 client code. In addition, many
+ applications using OpenSSL do not perform any validation of the lengths of
+ public keys being used.
+ CVE-2006-2937,
+ CVE-2006-3738,
+ CVE-2006-4343,
+ CVE-2006-2940
+
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 001: SECURITY FIX: October 7, 2006 All architectures
+ httpd(8)
+ does not sanitize the Expect header from an HTTP request when it is
+ reflected back in an error message, which might allow cross-site scripting (XSS)
+ style attacks.
+ CVE-2006-3918
+
+
+
+ A source code patch exists which remedies this problem.
+
***************
*** 108,114 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.573 2006/11/01 08:30:16 steven Exp $