=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v retrieving revision 1.14 retrieving revision 1.15 diff -c -r1.14 -r1.15 *** www/errata38.html 2006/09/09 03:30:07 1.14 --- www/errata38.html 2006/09/09 13:05:53 1.15 *************** *** 106,112 **** 014: SECURITY FIX: September 2, 2006   All architectures
Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an ! sppp(4) connection causing the kernel to panic. CVE-2006-4304
--- 106,112 ---- 014: SECURITY FIX: September 2, 2006   All architectures
Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an ! sppp(4) connection causing the kernel to panic. CVE-2006-4304
*************** *** 117,125 ****
  • 013: SECURITY FIX: August 25, 2006   All architectures
    A problem in ! isakmpd(8) caused IPsec to run partly without replay protection. If ! isakmpd(8) was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. An attacker could reinject sniffed IPsec packets, which will be accepted without checking the replay counter. --- 117,125 ----
  • 013: SECURITY FIX: August 25, 2006   All architectures
    A problem in ! isakmpd(8) caused IPsec to run partly without replay protection. If ! isakmpd(8) was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. An attacker could reinject sniffed IPsec packets, which will be accepted without checking the replay counter. *************** *** 140,148 ****
  • 011: SECURITY FIX: August 25, 2006   All architectures
    Due to an off-by-one error in ! dhcpd(8), it is possible to cause ! dhcpd(8) to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. CVE-2006-3122
    --- 140,148 ----
  • 011: SECURITY FIX: August 25, 2006   All architectures
    Due to an off-by-one error in ! dhcpd(8), it is possible to cause ! dhcpd(8) to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. CVE-2006-3122
    *************** *** 162,170 ****
  • 009: SECURITY FIX: July 30, 2006   All architectures
    ! httpd ! (8) ! 's mod_rewrite has a potentially exploitable off-by-one buffer overflow. The buffer overflow may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. The default install is not affected by the --- 162,169 ----
  • 009: SECURITY FIX: July 30, 2006   All architectures
    ! httpd(8)'s ! mod_rewrite has a potentially exploitable off-by-one buffer overflow. The buffer overflow may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. The default install is not affected by the *************** *** 296,302 ****
    OpenBSD www@openbsd.org !
    $OpenBSD: errata38.html,v 1.14 2006/09/09 03:30:07 brad Exp $ --- 295,301 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: errata38.html,v 1.15 2006/09/09 13:05:53 steven Exp $
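Review bot: In the 014 hunk (lines 106-112) the only line marked `!`, `sppp(4) connection causing the kernel to panic. CVE-2006-4304`, reads the same in revisions 1.14 and 1.15 as shown here, and the same holds for the `isakmpd(8)` lines in the 013 hunk and the `dhcpd(8)` lines in the 011 hunk. Whatever changed is not in the visible text, so the log message for 1.15 should state what was altered around these manual page references. Without that, a reader of this diff cannot tell whether the advisory wording itself was touched.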
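Review bot: In the 013 hunk (lines 117-125) the advisory text uses a possessive for a plural and mixes tenses: `SA's with a replay window of size 0 were created` should read `SAs`, and `which will be accepted without checking the replay counter` should follow `An attacker could reinject` as `which would be accepted`. The two `isakmpd(8)` lines in this entry are already being modified, so the wording can be corrected in the same revision.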
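Review bot: In the 009 hunk (old lines 162-170, new 162-169) the entry states the same risk twice: `has a potentially exploitable off-by-one buffer overflow` is followed directly by `The buffer overflow may result in a vulnerability which ... could be triggered remotely`. Joining `httpd`, `(8)` and `'s` into `httpd(8)'s` is consistent with the `sppp(4)`, `isakmpd(8)` and `dhcpd(8)` references in the other hunks. Since these lines are being edited anyway, consider folding the two sentences into one that names the off-by-one overflow and the Rewrite rule precondition once.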