=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata22.html,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- www/errata22.html 1998/05/05 18:44:38 1.7 +++ www/errata22.html 1998/05/05 18:47:27 1.8 @@ -29,20 +29,21 @@
  • SECURITY FIX
    If IPSEC communication is attempted by starting photurisd(8) (which is -disabled by default), a system crash may be evoked from remote. +disabled by default), a system crash may be evoked from remote if +an attacker uses some classes of invalid packets. A source code patch exists which remedies this problem.
  • SECURITY FIX
    As stated in CERT advisory VB-98.04, there are buffer -overrun problems in xterm -related to the input-Method, preeditType, and *Keymap resources, and -buffer overruns in the Xaw -library related to the inputMethod and preeditType resources. -The xterm problem represents a security vulnerability for any platform -where xterm is installed setuid-root (as is the case for all OpenBSD -platforms). The Xaw problem represents a security vulnerability for -any setuid-root program that uses the Xaw library (including xterm). -Patch1 from XFree86 3.3.2 corrects these problems. +overrun problems in xterm related to the input-Method, +preeditType, and *Keymap resources. Additional buffer overruns exist in +the Xaw library related to the inputMethod and +preeditType resources. The xterm(1) problem represents a security +vulnerability for any platform where xterm is installed setuid-root +(as is the case for all OpenBSD platforms). The Xaw problem represents +a security vulnerability for any setuid-root program that uses the Xaw +library (including xterm). Patch1 from XFree86 3.3.2 corrects +these problems. We provide a version of this patch file specifically for the OpenBSD 2.2 tree.

    @@ -334,7 +335,7 @@ OpenBSD www@openbsd.org -
    $OpenBSD: errata22.html,v 1.7 1998/05/05 18:44:38 deraadt Exp $ +
    $OpenBSD: errata22.html,v 1.8 1998/05/05 18:47:27 deraadt Exp $
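Review bot: In the xterm entry of the @@ -29,20 +29,21 @@ hunk, the rewritten paragraph still spells the same resource two ways: "input-Method" in the xterm sentence and "inputMethod" in the Xaw sentence. Both the removed and the added lines carry this mismatch, so the rewording was a chance to settle on one spelling; someone searching their resource files for the affected name needs the exact string. The same paragraph now writes "xterm(1)" once and plain "xterm" everywhere else, so either apply the man-page form throughout or drop it. In the photurisd entry, the added clause "if an attacker uses some classes of invalid packets" narrows the trigger but does not say which classes, and "evoked from remote" reads awkwardly; consider "triggered remotely" and, if the patch description names the packet types, pointing to it here.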