+027: RELIABILITY FIX: January 11, 2005
A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP @@ -69,6 +69,20 @@ A source code patch exists which remedies this problem.
+
+httpd(8) +'s mod_include module fails to properly validate the length of +user supplied tag strings prior to copying them to a local buffer, +causing a buffer overflow. +
+This would require enabling the XBitHack directive or server-side +includes and making use of a malicious document. +
+ +A source code patch exists which remedies this problem.
+
+
The @@ -450,7 +464,7 @@
www@openbsd.org
-$OpenBSD: errata35.html,v 1.13 2005/01/12 06:36:53 mcbride Exp $ +
$OpenBSD: errata35.html,v 1.14 2005/01/12 15:08:02 brad Exp $