=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- www/errata.html 1998/05/05 18:44:36 1.102 +++ www/errata.html 1998/05/05 18:47:25 1.103 @@ -30,21 +30,22 @@
  • SECURITY FIX
    If IPSEC communication is attempted by starting photurisd(8) (which is -disabled by default), a system crash may be evoked from remote. +disabled by default), a system crash may be evoked from remote if +an attacker uses some classes of invalid packets. A source code patch exists which remedies this problem.
  • SECURITY FIX
    As stated in CERT advisory VB-98.04, there are buffer -overrun problems in xterm -related to the input-Method, preeditType, and *Keymap resources, and -buffer overruns in the Xaw -library related to the inputMethod and preeditType resources. -The xterm problem represents a security vulnerability for any platform -where xterm is installed setuid-root (as is the case for all OpenBSD -platforms). The Xaw problem represents a security vulnerability for -any setuid-root program that uses the Xaw library (including xterm). -Patch1 from XFree86 3.3.2 corrects these problems. +overrun problems in xterm related to the input-Method, +preeditType, and *Keymap resources. Additional buffer overruns exist in +the Xaw library related to the inputMethod and +preeditType resources. The xterm(1) problem represents a security +vulnerability for any platform where xterm is installed setuid-root +(as is the case for all OpenBSD platforms). The Xaw problem represents +a security vulnerability for any setuid-root program that uses the Xaw +library (including xterm). Patch1 from XFree86 3.3.2 corrects +these problems. We provide a version of this patch file specifically for the OpenBSD 2.3 tree.

    @@ -136,7 +137,7 @@

    OpenBSD www@openbsd.org -
    $OpenBSD: errata.html,v 1.102 1998/05/05 18:44:36 deraadt Exp $ +
    $OpenBSD: errata.html,v 1.103 1998/05/05 18:47:25 deraadt Exp $