===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.559
retrieving revision 1.560
diff -u -r1.559 -r1.560
--- www/errata.html	2006/07/30 17:35:57	1.559
+++ www/errata.html	2006/08/25 15:56:06	1.560
@@ -75,6 +75,52 @@
 <a name="vax"></a>
 <ul>
 
+<li><a name="isakmpd"></a>
+<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+A problem in
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a>
+caused IPsec to run partly without replay protection. If
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a>
+was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
+An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
+replay counter.
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/008_isakmpd.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
+<li><a name="sem"></a>
+<font color="#009000"><strong>007: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+It is possible to cause the kernel to panic when more than the default number of
+sempahores have been allocated.
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/007_sem.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
+<li><a name="dhcpd"></a>
+<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+Due to an off-by-one error in
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a>,
+it is possible to cause
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a>
+to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a>
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/006_dhcpd.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
+<li><a name="sendmail3"></a>
+<font color="#009000"><strong>005: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+A potential denial of service problem has been found in sendmail. A message
+with really long header lines could trigger a use-after-free bug causing
+sendmail to crash.
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/005_sendmail3.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
 <li><a name="httpd"></a>
 <font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font> &nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd(8)</a>
@@ -154,7 +200,7 @@
 <hr>
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: errata.html,v 1.559 2006/07/30 17:35:57 brad Exp $</small>
+<br><small>$OpenBSD: errata.html,v 1.560 2006/08/25 15:56:06 brad Exp $</small>
 
 </body>
 </html>
