===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.511
retrieving revision 1.512
diff -u -r1.511 -r1.512
--- www/errata.html	2004/09/21 16:32:37	1.511
+++ www/errata.html	2004/10/29 17:22:16	1.512
@@ -1,7 +1,7 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<title>OpenBSD 3.5 errata</title>
+<title>OpenBSD 3.6 errata</title>
 <link rev=made href="mailto:www@openbsd.org">
 <meta name="resource-type" content="document">
 <meta name="description" content="the OpenBSD CD errata page">
@@ -15,7 +15,7 @@
 
 <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
 <h2><font color="#0000e0">
-This is the OpenBSD 3.5 release errata &amp; patch list:
+This is the OpenBSD 3.6 release errata &amp; patch list:
 
 </font></h2>
 
@@ -37,16 +37,17 @@
 <a href="errata31.html">3.1</a>,
 <a href="errata32.html">3.2</a>,
 <a href="errata33.html">3.3</a>,
-<a href="errata34.html">3.4</a>.
+<a href="errata34.html">3.4</a>,
+<a href="errata35.html">3.5</a>.
 <br>
 <hr>
 
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5.tar.gz">
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6.tar.gz">
 You can also fetch a tar.gz file containing all the following patches</a>.
 This file is updated once a day.
 
 <p> The patches below are available in CVS via the
-<code>OPENBSD_3_5</code> <a href="stable.html">patch branch</a>.
+<code>OPENBSD_3_6</code> <a href="stable.html">patch branch</a>.
 
 <p>
 For more detailed information on how to install patches to OpenBSD, please
@@ -56,228 +57,9 @@
 <a name="all"></a>
 <h3><font color="#e00000">All architectures</font></h3>
 <ul>
-<li><a name="radius"></a>
-<font color="#009000"><strong>020: SECURITY FIX: September 20, 2004</strong></font><br>
-Eilko Bos reported that radius authentication, as implemented by
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_radius&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">login_radius(8)</a>,
-was not checking the shared secret used for replies sent by the radius server.
-This could allow an attacker to spoof a reply granting access to the
-attacker.  Note that OpenBSD does not ship with radius authentication enabled.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/020_radius.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="xpm"></a>
-<font color="#009000"><strong>019: SECURITY FIX: September 16, 2004</strong></font><br>
-Chris Evans reported several flaws (stack and integer overflows) in the
-<a href="http://www.inria.fr/koala/lehors/xpm.html">Xpm</a>
-library code that parses image files
-(<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687</a>,
-<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688">CAN-2004-0688</a>).
-Some of these would be exploitable when parsing malicious image files in
-an application that handles XPM images, if they could escape ProPolice.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="httpd2"></a>
-<font color="#009000"><strong>018: SECURITY FIX: September 10, 2004</strong></font><br>
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
-'s mod_rewrite module can be made to write one zero byte in an arbitrary memory
-position outside of a char array, causing a DoS or possibly buffer overflows.
-This would require enabling dbm for mod_rewrite and making use of a malicious
-dbm file.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/018_httpd2.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="libz"></a>
-<font color="#009000"><strong>017: RELIABILITY FIX: August 29, 2004</strong></font><br>
-Due to incorrect error handling in zlib an attacker could potentially cause a Denial
-of Service attack.
-<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a>
-.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="bridge"></a>
-<font color="#009000"><strong>016: RELIABILITY FIX: August 26, 2004</strong></font><br>
-As
-<a href="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=109345131508824&amp;w=2">reported</a>
-by Vafa Izadinia
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">bridge(4)</a>
-with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/016_bridge.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="icmp"></a>
-<font color="#009000"><strong>015: RELIABILITY FIX: August 25, 2004</strong></font><br>
-Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
-against TCP.
-<br>
-<a href="http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt">http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt</a>
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/015_icmp.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="rnd"></a>
-<font color="#009000"><strong>014: RELIABILITY FIX: July 25, 2004</strong></font><br>
-Under a certain network load the kernel can run out of stack space.  This was
-encountered in an environment using CARP on a VLAN interface.  This issue initially
-manifested itself as a FPU related crash on boot up.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/014_rnd.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="httpd"></a>
-<font color="#009000"><strong>013: SECURITY FIX: June 12, 2004</strong></font><br>
-Multiple vulnerabilities have been found in
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
-/ mod_ssl.
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>,
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="isakmpd"></a>
-<font color="#009000"><strong>012: SECURITY FIX: June 10, 2004</strong></font><br>
-As 
-<a href="http://seclists.org/lists/fulldisclosure/2004/Jun/0191.html">disclosed</a>
-by Thomas Walpuski
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">isakmpd(8)</a>
-is still vulnerable to unauthorized SA deletion.  An attacker can delete IPsec
-tunnels at will.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/012_isakmpd.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="cvs3"></a>
-<font color="#009000"><strong>011: SECURITY FIX: June 9, 2004</strong></font><br>
-Multiple remote vulnerabilities have been found in the
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
-server that allow an attacker to crash the server or possibly execute arbitrary
-code with the same privileges as the CVS server program.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="fifofs"></a>
-<font color="#009000"><strong>010: RELIABILITY FIX: June 9, 2004</strong></font><br>
-A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
-non-blocking mode for writing when there are no processes reading the FIFO.
-One program affected by this is the <a href="http://www.qmail.org/">qmail</a>
-mail server which could go into an infinite loop and consume all CPU.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/010_fifofs.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="kerberos"></a>
-<font color="#00900"><strong>009: SECURITY FIX: May 30,
-2004</strong></font><br>
-A flaw in the Kerberos V <a
-href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a>
-server could result in the administrator of a Kerberos realm having
-the ability to impersonate any principal in any other realm which
-has established a cross-realm trust with their realm. The flaw is due to
-inadequate checking of the "transited" field in a Kerberos request. For
-more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">
-Heimdal's announcement</a>. 
-<br>
-<a
-href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="xdm"></a>
-<font color="#00900"><strong>008: SECURITY FIX: May 26,
-2004</strong></font><br>
-With the introduction of IPv6 code in
-<a
-href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&amp;apropos=0&amp;sektion=0&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">xdm(1)</a>,
-one test on the 'requestPort' resource was deleted by accident. This
-makes xdm create the chooser socket even if xdmcp is disabled in
-xdm-config, by setting requestPort to 0. See
-<a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86
-bugzilla</a> for details. 
-<br>
-<a
-href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="cvs2"></a>
-<font color="#009000"><strong>007: SECURITY FIX: May 20,
-2004</strong></font><br>
-A heap overflow in the
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
-server has been discovered that can be exploited by clients sending
-malformed requests, enabling these clients to run arbitrary code
-with the same privileges as the CVS server program.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="procfs"></a>
-<font color="#009000"><strong>006: SECURITY FIX: May 13,
-2004</strong></font><br>
-Check for integer overflow in procfs.  Use of procfs is not recommended.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="tcp"></a>
-<font color="#009000"><strong>005: RELIABILITY FIX: May 6,
-2004</strong></font><br>
-Reply to in-window SYN with a rate-limited ACK.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="scsi"></a>
-<font color="#009000"><strong>004: RELIABILITY FIX: May 5,
-2004</strong></font><br>
-Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">siop(4)</a>,
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trm&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">trm(4)</a>,
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">iha(4)</a>
-).
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/004_scsi.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="gdt"></a>
-<font color="#009000"><strong>003: RELIABILITY FIX: May 5,
-2004</strong></font><br>
-Under load "recent model"
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">gdt(4)</a>
-controllers will lock up.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/003_gdt.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-<li><a name="cvs"></a>
-<font color="#009000"><strong>002: SECURITY FIX: May 5,
-2004</strong></font><br>
-Pathname validation problems have been found in
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>,
-allowing malicious clients to create files outside the repository, allowing
-malicious servers to overwrite files outside the local CVS tree on
-the client and allowing clients to check out files outside the CVS
-repository.
-<br>
-<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch">
-A source code patch exists which remedies this problem</a>.<br>
-<p>
-</ul>
-<p>
-<a name="i386"></a>
-<h3><font color="#e00000">i386</font></h3>
-<ul>
 <li>No problems identified yet.
 </ul>
+
 <p>
 <a name="alpha"></a>
 <h3><font color="#e00000">alpha</font></h3>
@@ -297,36 +79,42 @@
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="mac68k"></a>
-<h3><font color="#e00000">mac68k</font></h3>
+<a name="hp300"></a>
+<h3><font color="#e00000">hp300</font></h3>
 <ul>
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="sparc"></a>
-<h3><font color="#e00000">sparc</font></h3>
+<a name="hppa"></a>
+<h3><font color="#e00000">hppa</font></h3>
 <ul>
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="sparc64"></a>
-<h3><font color="#e00000">sparc64</font></h3>
+<a name="i386"></a>
+<h3><font color="#e00000">i386</font></h3>
 <ul>
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="hppa"></a>
-<h3><font color="#e00000">hppa</font></h3>
+<a name="mvme88k"></a>
+<h3><font color="#e00000">luna88k</font></h3>
 <ul>
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="hp300"></a>
-<h3><font color="#e00000">hp300</font></h3>
+<a name="mac68k"></a>
+<h3><font color="#e00000">mac68k</font></h3>
 <ul>
 <li>No problems identified yet.
 </ul>
 <p>
+<a name="macppc"></a>
+<h3><font color="#e00000">macppc</font></h3>
+<ul>
+<li>No problems identified yet.
+</ul>
+<p>
 <a name="mvme68k"></a>
 <h3><font color="#e00000">mvme68k</font></h3>
 <ul>
@@ -339,15 +127,16 @@
 <li>No problems identified yet.
 </ul>
 <p>
-<a name="macppc"></a>
-<h3><font color="#e00000">macppc</font></h3>
+<a name="sparc"></a>
+<h3><font color="#e00000">sparc</font></h3>
 <ul>
-<li><a name="autobook_package"></a>
-<font color="#009000"><strong>001: BROKEN PACKAGE ON CD: May 4, 2004</strong></font><br>
-The powerpc autobook-1.3.tgz package found on CD2 has been found to be corrupt,
-and will not extract.
-A replacement package can be found on the ftp sites.
+<li>No problems identified yet.
+</ul>
 <p>
+<a name="sparc64"></a>
+<h3><font color="#e00000">sparc64</font></h3>
+<ul>
+<li>No problems identified yet.
 </ul>
 <p>
 <a name="vax"></a>
@@ -376,13 +165,14 @@
 <a href="errata31.html">3.1</a>,
 <a href="errata32.html">3.2</a>,
 <a href="errata33.html">3.3</a>,
-<a href="errata34.html">3.4</a>.
+<a href="errata34.html">3.4</a>,
+<a href="errata35.html">3.5</a>.
 <br>
 
 <hr>
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: errata.html,v 1.511 2004/09/21 16:32:37 millert Exp $</small>
+<br><small>$OpenBSD: errata.html,v 1.512 2004/10/29 17:22:16 miod Exp $</small>
 
 </body>
 </html>
