===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata31.html,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- www/errata31.html	2014/03/31 03:36:54	1.60
+++ www/errata31.html	2014/03/31 16:02:48	1.61
@@ -78,7 +78,8 @@
 
 <ul>
 <li><a name="sendmail2"></a>
-<font color="#009000"><strong>027: SECURITY FIX: March 31, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>027: SECURITY FIX: March 31, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow in the address parsing in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a>
 may allow an attacker to gain root privileges.<br>
@@ -86,7 +87,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kerberos"></a>
-<font color="#009000"><strong>026: SECURITY FIX: March 24, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>026: SECURITY FIX: March 24, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
 on Kerberos v5 as well.
 <br>
@@ -94,7 +96,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kpr"></a>
-<font color="#009000"><strong>025: SECURITY FIX: March 19, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>025: SECURITY FIX: March 19, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
 by Czech researchers Klima, Pokorny and Rosa.
 <br>
@@ -102,14 +105,16 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="blinding"></a>
-<font color="#009000"><strong>024: SECURITY FIX: March 18, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>024: SECURITY FIX: March 18, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/024_blinding.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="lprm"></a>
-<font color="#009000"><strong>023: SECURITY FIX: March 5, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>023: SECURITY FIX: March 5, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 A fix for an
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&amp;sektion=1">lprm(1)</a>
 bug made in 1996 contains an error that could lead to privilege escalation.
@@ -118,7 +123,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="sendmail"></a>
-<font color="#009000"><strong>022: SECURITY FIX: March 3, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>022: SECURITY FIX: March 3, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow in the envelope comments processing in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a>
 may allow an attacker to gain root privileges.<br>
@@ -126,7 +132,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="ssl2"></a>
-<font color="#009000"><strong>021: SECURITY FIX: February 23, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>021: SECURITY FIX: February 23, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 In
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&amp;sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation
 even if incorrect block cipher padding has been found, this is a
@@ -135,7 +142,8 @@
 A source code patch exists which fixes these two issues</a>.
 <p>
 <li><a name="cvs"></a>
-<font color="#009000"><strong>020: SECURITY FIX: January 20, 2003</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>020: SECURITY FIX: January 20, 2003</strong></font>
+&nbsp; <i>All architectures</i><br>
 A double free in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;sektion=1">cvs(1)</a>
 could allow an attacker to execute code with the privileges of the
@@ -147,7 +155,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="named"></a>
-<font color="#009000"><strong>019: SECURITY FIX: November 14, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>019: SECURITY FIX: November 14, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&amp;sektion=8">named(8)</a>
 could allow an attacker to execute code with the privileges of named.
@@ -157,7 +166,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kernresource"></a>
-<font color="#009000"><strong>018: SECURITY FIX: November 6, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>018: SECURITY FIX: November 6, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 Incorrect argument checking in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrlimit&amp;sektion=2">getrlimit(2)</a>
 system call may allow an attacker to crash the kernel.<br>
@@ -165,7 +175,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="smrsh"></a>
-<font color="#009000"><strong>017: SECURITY FIX: November 6, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>017: SECURITY FIX: November 6, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 An attacker can bypass the restrictions imposed by sendmail's restricted shell,
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&amp;sektion=8">smrsh(8)</a>,
 and execute arbitrary commands with the privileges of his own account.<br>
@@ -173,7 +184,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kadmin"></a>
-<font color="#009000"><strong>016: SECURITY FIX: October 21, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>016: SECURITY FIX: October 21, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow can occur in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&amp;sektion=8">kadmind(8)</a>
 daemon, leading to possible remote crash or exploit.<br>
@@ -181,14 +193,16 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kerntime"></a>
-<font color="#009000"><strong>015: SECURITY FIX: October 2, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>015: SECURITY FIX: October 2, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 Incorrect argument checking in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&amp;sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/015_kerntime.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="scarg"></a>
-<font color="#009000"><strong>014: SECURITY FIX: August 11, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>014: SECURITY FIX: August 11, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 An insufficient boundary check in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&amp;sektion=2">select(2)</a>
 system call allows an attacker to overwrite kernel memory and execute arbitrary
@@ -197,7 +211,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="ssl"></a>
-<font color="#009000"><strong>013: SECURITY FIX: July 30, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>013: SECURITY FIX: July 30, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&amp;sektion=8">ssl(8)</a>
 library, as in the ASN.1 parser code in the
@@ -209,7 +224,8 @@
 This is the second version of the patch.
 <p>
 <li><a name="xdr"></a>
-<font color="#009000"><strong>012: SECURITY FIX: July 29, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>012: SECURITY FIX: July 29, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow can occur in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&amp;sektion=3">xdr_array(3)</a>
 RPC code, leading to possible remote crash.<br>
@@ -219,7 +235,8 @@
 This is the second version of the patch.
 <p>
 <li><a name="pppd"></a>
-<font color="#009000"><strong>011: SECURITY FIX: July 29, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>011: SECURITY FIX: July 29, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A race condition exists in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;sektion=8">pppd(8)</a>
 daemon which may cause it to alter the file permissions of an arbitrary file.<br>
@@ -227,7 +244,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="isakmpd"></a>
-<font color="#009000"><strong>010: RELIABILITY FIX: July 5, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>010: RELIABILITY FIX: July 5, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 Receiving IKE payloads out of sequence can cause
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;sektion=8">isakmpd(8)</a> to crash.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/010_isakmpd.patch">
@@ -236,26 +254,30 @@
 This is the second version of the patch.
 <p>
 <li><a name="ktrace"></a>
-<font color="#009000"><strong>009: SECURITY FIX: June 27, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>009: SECURITY FIX: June 27, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&amp;sektion=2">ktrace(2)</a> set[ug]id processes.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/009_ktrace.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="modssl"></a>
-<font color="#009000"><strong>008: SECURITY FIX: June 26, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>008: SECURITY FIX: June 26, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
 module, leading to possible remote crash or exploit.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/008_mod_ssl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="resolver"></a>
-<font color="#009000"><strong>007: SECURITY FIX: June 25, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>007: SECURITY FIX: June 25, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A potential buffer overflow in the DNS resolver has been found.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/007_resolver.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="sshd"></a>
-<font color="#009000"><strong>006: SECURITY FIX: June 24, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>006: SECURITY FIX: June 24, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
 error that can result in an integer overflow and privilege escalation.
 This problem is fixed in <a href="http://www.openssh.com/openbsd.html">OpenSSH
@@ -263,14 +285,16 @@
 <a href="http://www.openssh.com/txt/preauth.adv">security advisory</a>.
 <p>
 <li><a name="httpd"></a>
-<font color="#009000"><strong>005: SECURITY FIX: June 19, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>005: SECURITY FIX: June 19, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow can occur during the interpretation of chunked
 encoding in the http daemon, leading to possible remote crash or exploit.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="sshbsdauth"></a>
-<font color="#009000"><strong>004: SECURITY FIX: May 22, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>004: SECURITY FIX: May 22, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 Under certain conditions, on systems using YP with netgroups in the
 password database, it is possible that
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>
@@ -282,7 +306,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="fdalloc2"></a>
-<font color="#009000"><strong>003: SECURITY FIX: May 8, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>003: SECURITY FIX: May 8, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A race condition exists where an attacker could fill the file descriptor
 table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
 setuid or setgid process.<br>
@@ -290,13 +315,15 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="sudo"></a>
-<font color="#009000"><strong>002: SECURITY FIX: April 25, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>002: SECURITY FIX: April 25, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&amp;sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/002_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="sshafs"></a>
-<font color="#009000"><strong>001: SECURITY FIX: April 22, 2002</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>001: SECURITY FIX: April 22, 2002</strong></font>
+&nbsp; <i>All architectures</i><br>
 A local user can gain super-user privileges due to a buffer overflow
 in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>
 if AFS has been configured on the system or if