===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.508
retrieving revision 1.509
diff -u -r1.508 -r1.509
--- www/errata.html 2004/08/30 01:35:39 1.508
+++ www/errata.html 2004/09/10 18:30:45 1.509
@@ -56,6 +56,17 @@
All architectures
+-
+018: SECURITY FIX: September 10, 2004
+httpd(8)
+'s mod_rewrite module can be made to write one zero byte in an arbitrary memory
+position outside of a char array, causing a DoS or possibly buffer overflows.
+This would require enabling dbm for mod_rewrite and making use of a malicious
+dbm file.
+
+
+A source code patch exists which remedies this problem.
+
-
017: RELIABILITY FIX: August 29, 2004
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
@@ -347,7 +358,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.508 2004/08/30 01:35:39 brad Exp $
+
$OpenBSD: errata.html,v 1.509 2004/09/10 18:30:45 brad Exp $