===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.68
retrieving revision 1.69
diff -c -r1.68 -r1.69
*** www/errata27.html	2014/03/31 04:11:40	1.68
--- www/errata27.html	2014/03/31 16:02:48	1.69
***************
*** 77,83 ****
  
  <ul>
  <li><a name="readline"></a>
! <font color="#009000"><strong>040: SECURITY FIX: Mar 18, 2001</strong></font> &nbsp; <i>All architectures</i><br>
  The readline library shipped with OpenBSD allows history files creation
  with a permissive
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&amp;sektion=2">umask(2)</a>.
--- 77,84 ----
  
  <ul>
  <li><a name="readline"></a>
! <font color="#009000"><strong>040: SECURITY FIX: Mar 18, 2001</strong></font>
! &nbsp; <i>All architectures</i><br>
  The readline library shipped with OpenBSD allows history files creation
  with a permissive
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&amp;sektion=2">umask(2)</a>.
***************
*** 90,96 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sudo"></a>
! <font color="#009000"><strong>039: SECURITY FIX: Feb 22, 2001</strong></font> &nbsp; <i>All architectures</i><br>
  There is an exploitable heap corruption bug in
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&amp;sektion=8">sudo</a>.
  <br>
--- 91,98 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sudo"></a>
! <font color="#009000"><strong>039: SECURITY FIX: Feb 22, 2001</strong></font>
! &nbsp; <i>All architectures</i><br>
  There is an exploitable heap corruption bug in
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&amp;sektion=8">sudo</a>.
  <br>
***************
*** 98,104 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ftpd"></a>
! <font color="#009000"><strong>037: SECURITY FIX: Dec 4, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/037_ftpd.patch">
  A source code patch exists which remedies this problem.</a>
--- 100,107 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ftpd"></a>
! <font color="#009000"><strong>037: SECURITY FIX: Dec 4, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/037_ftpd.patch">
  A source code patch exists which remedies this problem.</a>
***************
*** 110,116 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sshforwarding"> </a>
! <font color="#009000"><strong>035: SECURITY FIX: Nov 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
  This problem is fixed as of OpenSSH 2.3.0.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/035_sshforwarding.patch">
--- 113,120 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sshforwarding"> </a>
! <font color="#009000"><strong>035: SECURITY FIX: Nov 10, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
  This problem is fixed as of OpenSSH 2.3.0.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/035_sshforwarding.patch">
***************
*** 124,136 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="execsubr"> </a>
! <font color="#009000"><strong>033: RELIABILITY FIX: Nov 6, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Invalid fields in the exec header could cause a crash.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/033_execsubr.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="xtrans"> </a>
! <font color="#009000"><strong>032: SECURITY FIX: Oct 26, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  There are two possibly exploitable potential buffer overflows in the X11
  libraries using the xtrans code. One of these vulnerabilities was
  reported to the
--- 128,142 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="execsubr"> </a>
! <font color="#009000"><strong>033: RELIABILITY FIX: Nov 6, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Invalid fields in the exec header could cause a crash.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/033_execsubr.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="xtrans"> </a>
! <font color="#009000"><strong>032: SECURITY FIX: Oct 26, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  There are two possibly exploitable potential buffer overflows in the X11
  libraries using the xtrans code. One of these vulnerabilities was
  reported to the
***************
*** 141,147 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="httpd"></a>
! <font color="#009000"><strong>031: SECURITY FIX: Oct 18, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt>
  that could cause arbitrary files accessible to the www user on the server
  to be exposed under certain configurations when these modules are used.
--- 147,154 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="httpd"></a>
! <font color="#009000"><strong>031: SECURITY FIX: Oct 18, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt>
  that could cause arbitrary files accessible to the www user on the server
  to be exposed under certain configurations when these modules are used.
***************
*** 151,157 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="telnetd"></a>
! <font color="#009000"><strong>030: SECURITY FIX: Oct 10, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
  and TERMCAP (when it starts with a '/') environment variables.
  <br>
--- 158,165 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="telnetd"></a>
! <font color="#009000"><strong>030: SECURITY FIX: Oct 10, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
  and TERMCAP (when it starts with a '/') environment variables.
  <br>
***************
*** 159,179 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sendmail"></a>
! <font color="#009000"><strong>029: RELIABILITY FIX: Oct 9, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  There is a non-exploitable buffer overflow in sendmail's test mode.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/029_sendmail.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="format_strings"></a>
! <font color="#009000"><strong>028: SECURITY FIX: Oct 6, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  There are printf-style format string bugs in several privileged programs.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="curses"></a>
! <font color="#009000"><strong>027: SECURITY FIX: Oct 6, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  libcurses honored terminal descriptions in the $HOME/.terminfo directory
  as well as in the TERMCAP environment variable for setuid and setgid
  applications.
--- 167,190 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="sendmail"></a>
! <font color="#009000"><strong>029: RELIABILITY FIX: Oct 9, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  There is a non-exploitable buffer overflow in sendmail's test mode.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/029_sendmail.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="format_strings"></a>
! <font color="#009000"><strong>028: SECURITY FIX: Oct 6, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  There are printf-style format string bugs in several privileged programs.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="curses"></a>
! <font color="#009000"><strong>027: SECURITY FIX: Oct 6, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  libcurses honored terminal descriptions in the $HOME/.terminfo directory
  as well as in the TERMCAP environment variable for setuid and setgid
  applications.
***************
*** 182,188 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="talkd"></a>
! <font color="#009000"><strong>026: SECURITY FIX: Oct 6, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in talkd(8).  It is not clear
  yet what the impact is.
  <br>
--- 193,200 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="talkd"></a>
! <font color="#009000"><strong>026: SECURITY FIX: Oct 6, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in talkd(8).  It is not clear
  yet what the impact is.
  <br>
***************
*** 190,196 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="pw_error"></a>
! <font color="#009000"><strong>025: SECURITY FIX: Oct 3, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in the pw_error(3) function.  This
  manifests itself as a security hole in the chpass utility.  As a workaround
  which disables its functionality, do
--- 202,209 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="pw_error"></a>
! <font color="#009000"><strong>025: SECURITY FIX: Oct 3, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in the pw_error(3) function.  This
  manifests itself as a security hole in the chpass utility.  As a workaround
  which disables its functionality, do
***************
*** 201,213 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ipsec"></a>
! <font color="#009000"><strong>024: SECURITY FIX: Sep 18, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Bad ESP/AH packets could cause a crash under certain conditions.
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/024_ipsec.patch"><br>
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="xlock"></a>
! <font color="#009000"><strong>023: SECURITY FIX: Aug 16, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in xlock. As a workaround which disables
  its functionality, do
  <pre>
--- 214,228 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ipsec"></a>
! <font color="#009000"><strong>024: SECURITY FIX: Sep 18, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Bad ESP/AH packets could cause a crash under certain conditions.
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/024_ipsec.patch"><br>
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="xlock"></a>
! <font color="#009000"><strong>023: SECURITY FIX: Aug 16, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A format string vulnerability exists in xlock. As a workaround which disables
  its functionality, do
  <pre>
***************
*** 236,242 ****
  reboot your machine and it will generate ssh keys correctly.
  <p>
  <li><a name="X11_libs"></a>
! <font color="#009000"><strong>021: SECURITY FIX: July 14, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Various problems in X11 libraries have various side effects.  We provide a
  jumbo patch to fix them.<p>
  <ul>
--- 251,258 ----
  reboot your machine and it will generate ssh keys correctly.
  <p>
  <li><a name="X11_libs"></a>
! <font color="#009000"><strong>021: SECURITY FIX: July 14, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Various problems in X11 libraries have various side effects.  We provide a
  jumbo patch to fix them.<p>
  <ul>
***************
*** 281,287 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ftpd"></a>
! <font color="#009000"><strong>019: SECURITY FIX: July 5, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Just like pretty much all the other unix ftp daemons on the planet,
  ftpd had a remote root hole in it.  Luckily, ftpd was not enabled by default.
  The problem exists if anonymous ftp is enabled.
--- 297,304 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ftpd"></a>
! <font color="#009000"><strong>019: SECURITY FIX: July 5, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Just like pretty much all the other unix ftp daemons on the planet,
  ftpd had a remote root hole in it.  Luckily, ftpd was not enabled by default.
  The problem exists if anonymous ftp is enabled.
***************
*** 290,303 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="mopd"></a>
! <font color="#009000"><strong>018: SECURITY FIX: July 5, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Mopd contained a buffer overflow.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="screen"></a>
! <font color="#009000"><strong>017: INSTALLATION FIX: July 3, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The screen package shipped with 2.7 does not install itself properly.  The
  existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
  screen-3.9.5.tgz.old and a replacement package has been provided under the
--- 307,322 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="mopd"></a>
! <font color="#009000"><strong>018: SECURITY FIX: July 5, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Mopd contained a buffer overflow.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="screen"></a>
! <font color="#009000"><strong>017: INSTALLATION FIX: July 3, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  The screen package shipped with 2.7 does not install itself properly.  The
  existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
  screen-3.9.5.tgz.old and a replacement package has been provided under the
***************
*** 338,344 ****
  This is the second revision of the patch.
  <p>
  <li><a name="libedit"></a>
! <font color="#009000"><strong>013: SECURITY FIX: June 28, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  libedit would check for a <b>.editrc</b> file in the current directory.
  That behaviour is not nice; this does not turn into a security problem in
  any real world situation that we know of, but a patch is available anyways.
--- 357,364 ----
  This is the second revision of the patch.
  <p>
  <li><a name="libedit"></a>
! <font color="#009000"><strong>013: SECURITY FIX: June 28, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  libedit would check for a <b>.editrc</b> file in the current directory.
  That behaviour is not nice; this does not turn into a security problem in
  any real world situation that we know of, but a patch is available anyways.
***************
*** 347,353 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="dhclient"></a>
! <font color="#009000"><strong>012: SECURITY FIX: June 24, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A serious bug in dhclient(8) could allow strings from a malicious dhcp
  server to be executed in the shell as root.
  <br>
--- 367,374 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="dhclient"></a>
! <font color="#009000"><strong>012: SECURITY FIX: June 24, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A serious bug in dhclient(8) could allow strings from a malicious dhcp
  server to be executed in the shell as root.
  <br>
***************
*** 387,393 ****
  The FTP area sets do not suffer from this problem.
  <p>
  <li><a name="isakmpd"></a>
! <font color="#009000"><strong>009: SECURITY FIX: June 9, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A serious bug in isakmpd(8) policy handling wherein policy
  verification could be completely bypassed in isakmpd.
  <br>
--- 408,415 ----
  The FTP area sets do not suffer from this problem.
  <p>
  <li><a name="isakmpd"></a>
! <font color="#009000"><strong>009: SECURITY FIX: June 9, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A serious bug in isakmpd(8) policy handling wherein policy
  verification could be completely bypassed in isakmpd.
  <br>
***************
*** 395,421 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="msdosfs"></a>
! <font color="#009000"><strong>008: RELIABILITY FIX: June 8, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Some operations in msdosfs could result in a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/008_msdosfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="cd9660"></a>
! <font color="#009000"><strong>007: RELIABILITY FIX: June 8, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  NFS exporting of CD filesystems caused a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/007_cd9660.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="uselogin"></a>
! <font color="#009000"><strong>006: SECURITY FIX: June 6, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The non-default UseLogin feature in <b>/etc/sshd_config</b> is broken and should not
  be used.  On other operating systems, it results in a hole.<br>
  Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
  <p>
  <li><a name="ipopts"></a>
! <font color="#009000"><strong>005: RELIABILITY FIX: May 29, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Parse IPv4 options more carefully.  It is not yet clear if this can even be used
  to crash the machine remote or locally.
  <br>
--- 417,447 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="msdosfs"></a>
! <font color="#009000"><strong>008: RELIABILITY FIX: June 8, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Some operations in msdosfs could result in a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/008_msdosfs.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="cd9660"></a>
! <font color="#009000"><strong>007: RELIABILITY FIX: June 8, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  NFS exporting of CD filesystems caused a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/007_cd9660.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="uselogin"></a>
! <font color="#009000"><strong>006: SECURITY FIX: June 6, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  The non-default UseLogin feature in <b>/etc/sshd_config</b> is broken and should not
  be used.  On other operating systems, it results in a hole.<br>
  Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
  <p>
  <li><a name="ipopts"></a>
! <font color="#009000"><strong>005: RELIABILITY FIX: May 29, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Parse IPv4 options more carefully.  It is not yet clear if this can even be used
  to crash the machine remote or locally.
  <br>
***************
*** 423,436 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="route"></a>
! <font color="#009000"><strong>004: RELIABILITY FIX: May 29, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  Certain routing table modifications by the superuser could cause a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/004_route.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="bridge"></a>
! <font color="#009000"><strong>003: SECURITY FIX: May 26, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  It is possible to bypass the <i>learning</i> flag on an interface if frames
  go directly to the machine acting as a
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&amp;sektion=4">bridge</a>.
--- 449,464 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="route"></a>
! <font color="#009000"><strong>004: RELIABILITY FIX: May 29, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  Certain routing table modifications by the superuser could cause a system panic.
  <br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/004_route.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="bridge"></a>
! <font color="#009000"><strong>003: SECURITY FIX: May 26, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  It is possible to bypass the <i>learning</i> flag on an interface if frames
  go directly to the machine acting as a
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&amp;sektion=4">bridge</a>.
***************
*** 439,445 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ef"></a>
! <font color="#009000"><strong>002: DRIVER FIX: May 26, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  The
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ef&amp;sektion=4">ef(4)</a>
  driver will complain when adding an address with ifconfig
--- 467,474 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ef"></a>
! <font color="#009000"><strong>002: DRIVER FIX: May 26, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  The
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ef&amp;sektion=4">ef(4)</a>
  driver will complain when adding an address with ifconfig
***************
*** 448,454 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ipf"></a>
! <font color="#009000"><strong>001: SECURITY FIX: May 25, 2000</strong></font> &nbsp; <i>All architectures</i><br>
  A misuse of ipf(8)
  <i>keep-state</i> rules can result in firewall rules being bypassed.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/001_ipf.patch">
--- 477,484 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  <li><a name="ipf"></a>
! <font color="#009000"><strong>001: SECURITY FIX: May 25, 2000</strong></font>
! &nbsp; <i>All architectures</i><br>
  A misuse of ipf(8)
  <i>keep-state</i> rules can result in firewall rules being bypassed.<br>
  <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/001_ipf.patch">