===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.459
retrieving revision 1.460
diff -u -r1.459 -r1.460
--- www/errata.html 2003/10/30 23:23:48 1.459
+++ www/errata.html 2003/10/31 01:28:11 1.460
@@ -55,6 +55,30 @@
All architectures
+
+- 004: RELIABILITY FIX: October 29, 2003
+A user with write permission to httpd.conf or a .htaccess
+file can crash
+httpd(8)
+or potentially run arbitrary code as the user www (although it
+is believed that ProPolice will prevent code execution).
+
+A source code patch exists which remedies the problem.
+
+
+
- 003: RELIABILITY FIX: October 1, 2003
+It is possible for a local user to cause a system panic by flooding it with spoofed ARP
+requests.
+A source code patch exists which remedies the problem.
+
+
+
- 002: SECURITY FIX: October 1, 2003
+The use of certain ASN.1 encodings or malformed public keys may allow an
+attacker to mount a denial of service attack against applications linked with
+ssl(3).
+This does not affect OpenSSH.
+A source code patch exists which remedies the problem.
+
- 001: DOCUMENTATION FIX: November 1, 2003
The CD insert documentation has an incorrect example for package installation.
@@ -154,7 +178,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.459 2003/10/30 23:23:48 deraadt Exp $
+
$OpenBSD: errata.html,v 1.460 2003/10/31 01:28:11 margarida Exp $