===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- www/errata.html 1999/11/17 15:08:39 1.205
+++ www/errata.html 1999/12/03 00:34:25 1.206
@@ -36,6 +36,31 @@
All architectures
+
+- SECURITY FIX: Dec 2, 1999
+A buffer overflow in the RSAREF code included in the
+USA version of the libssl package (called sslUSA, is
+possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features
+are enabled or used.
+NOTE: International users using the ssl26 package are not affected.
+
+To check what package you are using, use
+
+# pkg_info sslUSA26
+
+The patched library says:
+"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
+
+Non-commercial USA users who installed the ssl package before December 2
+should upgrade their sslUSA26 package using:
+
+# pkg_delete sslUSA26
+# pkg_add -v sslUSA26.tar.gz
+
+Using the new sslUSA26.tar.gz files which have been placed
+on the FTP mirrors.
+For more information, see the advisory.
+
- FUNCTIONALITY ADDITION: Nov 14, 1999
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the
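Review bot: The upgrade steps in this entry ("# pkg_delete sslUSA26" followed by "# pkg_add -v sslUSA26.tar.gz") remove the installed package before the reader has confirmed they hold the new file, and they give no mirror path or checksum for sslUSA26.tar.gz. Suggest stating where on the FTP mirrors the file lives and publishing a checksum next to it, so the "ssl26.1 USA-only ..." comment string is not the only way to tell the patched build from the old one. That string also begins with "ssl26.1" while the NOTE says users of the ssl26 package are not affected, so it is worth a clause making clear the string belongs to sslUSA26. Two wording points in the same hunk: the parenthesis opened in "(called sslUSA, is" is never closed, and "Using the new sslUSA26.tar.gz files which have been placed on the FTP mirrors." is a fragment that should be joined to the preceding sentence.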
@@ -179,7 +204,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.205 1999/11/17 15:08:39 deraadt Exp $
+
$OpenBSD: errata.html,v 1.206 1999/12/03 00:34:25 deraadt Exp $