www/errata.html - diff

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.459 and 1.460

-version 1.459, 2003/10/30 23:23:48
+version 1.460, 2003/10/31 01:28:11
 Line 55
 Line 55
 Line 55
  <a name=all></a>
  <li><h3><font color="#e00000">All architectures</font></h3>
  <ul>
+ <a name=httpd></a>
+ <li><font color="#009000"><strong>004: RELIABILITY FIX: October 29, 2003</strong></font><br>
+ A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt>
+ file can crash
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
+ or potentially run arbitrary code as the user <tt>www</tt> (although it
+ is believed that ProPolice will prevent code execution).
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/004_httpd.patch">A source code patch exists which remedies the problem</a>.<br>
+ <p>
+ <a name=arp></a>
+ <li><font color="#009000"><strong>003: RELIABILITY FIX: October 1, 2003</strong></font><br>
+ It is possible for a local user to cause a system panic by flooding it with spoofed ARP
+ requests.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/003_arp.patch">A source code patch exists which remedies the problem</a>.<br>
+ <p>
+ <a name=asn1></a>
+ <li><font color="#009000"><strong>002: SECURITY FIX: October 1, 2003</strong></font><br>
+ The use of certain ASN.1 encodings or malformed public keys may allow an
+ attacker to mount a denial of service attack against applications linked with
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&amp;sektion=3">ssl(3)</a>.
+ This does not affect OpenSSH.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/002_asn1.patch">A source code patch exists which remedies the problem</a>.<br>
+ <p>
  <a name=cd_booklet></a>
  <li><font color="#009000"><strong>001: DOCUMENTATION FIX: November 1, 2003</strong></font><br>
  The CD insert documentation has an incorrect example for package installation.<br>