===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata22.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- www/errata22.html 1998/05/05 18:44:38 1.7
+++ www/errata22.html 1998/05/05 18:47:27 1.8
@@ -29,20 +29,21 @@
SECURITY FIX
If IPSEC communication is attempted by starting photurisd(8) (which is
-disabled by default), a system crash may be evoked from remote.
+disabled by default), a system crash may be evoked from remote if
+an attacker uses some classes of invalid packets.
A source code patch exists which remedies this problem.
SECURITY FIX
As stated in CERT advisory VB-98.04, there are buffer
-overrun problems in xterm
-related to the input-Method, preeditType, and *Keymap resources, and
-buffer overruns in the Xaw
-library related to the inputMethod and preeditType resources.
-The xterm problem represents a security vulnerability for any platform
-where xterm is installed setuid-root (as is the case for all OpenBSD
-platforms). The Xaw problem represents a security vulnerability for
-any setuid-root program that uses the Xaw library (including xterm).
-Patch1 from XFree86 3.3.2 corrects these problems.
+overrun problems in xterm related to the input-Method,
+preeditType, and *Keymap resources. Additional buffer overruns exist in
+the Xaw library related to the inputMethod and
+preeditType resources. The xterm(1) problem represents a security
+vulnerability for any platform where xterm is installed setuid-root
+(as is the case for all OpenBSD platforms). The Xaw problem represents
+a security vulnerability for any setuid-root program that uses the Xaw
+library (including xterm). Patch1 from XFree86 3.3.2 corrects
+these problems.
We provide a version of this patch file specifically for the OpenBSD 2.2 tree.
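Review bot: The added photurisd clause "if an attacker uses some classes of invalid packets" is too vague for an administrator to judge exposure. Either name the packet classes or point at the patch that describes them, and consider "triggered remotely" in place of "evoked from remote". In the rewritten xterm paragraph the same resource is still spelled two ways, "input-Method" in the xterm sentence and "inputMethod" in the Xaw sentence; settle on one spelling. The paragraph also now mixes "xterm(1)" with bare "xterm" in the following lines, so use the man-page form on first mention only or throughout.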
@@ -334,7 +335,7 @@
www@openbsd.org
-
$OpenBSD: errata22.html,v 1.7 1998/05/05 18:44:38 deraadt Exp $
+
$OpenBSD: errata22.html,v 1.8 1998/05/05 18:47:27 deraadt Exp $