===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -c -r1.14 -r1.15
*** www/errata38.html 2006/09/09 03:30:07 1.14
--- www/errata38.html 2006/09/09 13:05:53 1.15
***************
*** 106,112 ****
014: SECURITY FIX: September 2, 2006 All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
! sppp(4)
connection causing the kernel to panic.
CVE-2006-4304
--- 106,112 ----
014: SECURITY FIX: September 2, 2006 All architectures
Due to the failure to correctly validate LCP configuration option lengths,
it is possible for an attacker to send LCP packets via an
! sppp(4)
connection causing the kernel to panic.
CVE-2006-4304
***************
*** 117,125 ****
013: SECURITY FIX: August 25, 2006 All architectures
A problem in
! isakmpd(8)
caused IPsec to run partly without replay protection. If
! isakmpd(8)
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
replay counter.
--- 117,125 ----
013: SECURITY FIX: August 25, 2006 All architectures
A problem in
! isakmpd(8)
caused IPsec to run partly without replay protection. If
! isakmpd(8)
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
replay counter.
***************
*** 140,148 ****
011: SECURITY FIX: August 25, 2006 All architectures
Due to an off-by-one error in
! dhcpd(8),
it is possible to cause
! dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
CVE-2006-3122
--- 140,148 ----
011: SECURITY FIX: August 25, 2006 All architectures
Due to an off-by-one error in
! dhcpd(8),
it is possible to cause
! dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
CVE-2006-3122
***************
*** 162,170 ****
009: SECURITY FIX: July 30, 2006 All architectures
! httpd
! (8)
! 's mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration files,
could be triggered remotely. The default install is not affected by the
--- 162,169 ----
009: SECURITY FIX: July 30, 2006 All architectures
! httpd(8)'s
! mod_rewrite has a potentially exploitable off-by-one buffer overflow.
The buffer overflow may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration files,
could be triggered remotely. The default install is not affected by the
***************
*** 296,302 ****
www@openbsd.org
!
$OpenBSD: errata38.html,v 1.14 2006/09/09 03:30:07 brad Exp $