===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.399
retrieving revision 1.400
diff -u -r1.399 -r1.400
--- www/errata.html 2002/06/26 11:01:06 1.399
+++ www/errata.html 2002/06/26 19:07:53 1.400
@@ -49,6 +49,12 @@
All architectures
+
+- 008: SECURITY FIX: June 26, 2002
+A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
+module, leading to possible remote crash.
+A source code patch exists which remedies the problem.
+
- 007: SECURITY FIX: June 25, 2002
A potential buffer overflow in the DNS resolver has been found.
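Review bot: The new 008 entry gives no affected version range, so a reader cannot tell from the errata page whether their installed mod_ssl is covered. The rewritten 006 entry in this same change does state one ("between 2.9.9 and 3.3"), and 008 should follow that pattern. Two wording points in the same entry: "in mod_ssl httpd module" is missing an article ("in the mod_ssl httpd module"), and "possible remote crash" would be more useful if it said what crashes, for example a single httpd child or the whole server.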
@@ -56,13 +62,12 @@
- 006: SECURITY FIX: June 24, 2002
-An (as yet) undisclosed bug exists in OpenSSH, which a patch is not forthcoming
-for yet -- no patch exists yet!
-However, upgrading to OpenSSH 3.3
-with the UsePrivilegeSeparation option enabled will block this
-problem.
-All users are advised to update immediately, and keep an eye out for
-an upcoming OpenSSH 3.4 release on Monday containing a real fix.
+All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation
+error that can result in an integer overflow and privilege escalation.
+This problem is fixed in OpenSSH
+3.4, and a patch for the vulnerable releases is available as part of the
+security advisory.
+
- 005: SECURITY FIX: June 19, 2002
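Review bot: The replacement text for 006 drops the UsePrivilegeSeparation guidance without telling readers who followed it where they now stand. The removed lines advised upgrading to 3.3 with that option enabled, and the added range "between 2.9.9 and 3.3" reads as including 3.3, so the entry should say whether a 3.3 install with privilege separation is still exposed and that those users should also move to 3.4. "between 2.9.9 and 3.3" is also ambiguous about its endpoints; "2.9.9 through 3.3" would settle it. Finally, "integer overflow and privilege escalation" does not say whether the problem is reachable remotely, which the neighbouring 008 entry does state for its own bug.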
@@ -185,7 +190,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.399 2002/06/26 11:01:06 espie Exp $
+
$OpenBSD: errata.html,v 1.400 2002/06/26 19:07:53 miod Exp $