===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -r1.16 -r1.17
*** www/errata38.html	2006/09/27 10:37:09	1.16
--- www/errata38.html	2006/10/07 18:07:36	1.17
***************
*** 74,79 ****
--- 74,118 ----
  <a name="vax"></a>
  <ul>
  
+ <li><a name="systrace"></a>
+ <font color="#009000"><strong>019: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+ Fix for an integer overflow in systrace's STRIOCREPLACE support, found by
+ Chris Evans. This could be exploited for DoS, limited kmem reads or local
+ privilege escalation.
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/019_systrace.patch">
+ A source code patch exists which remedies this problem</a>.<br>
+ <p>
+ 
+ <li><a name="openssl2"></a>
+ <font color="#009000"><strong>018: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+ Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
+ structures an error condition is mishandled, possibly resulting in an infinite
+ loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
+ pointer may be dereferenced in the SSL version 2 client code. In addition, many
+ applications using OpenSSL do not perform any validation of the lengths of
+ public keys being used.
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937">CVE-2006-2937</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343">CVE-2006-4343</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940">CVE-2006-2940</a>
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/018_openssl2.patch">
+ A source code patch exists which remedies this problem</a>.<br>
+ <p>
+ 
+ <li><a name="httpd2"></a>
+ <font color="#009000"><strong>017: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
+ does not sanitize the Expect header from an HTTP request when it is
+ reflected back in an error message, which might allow cross-site scripting (XSS)
+ style attacks.
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/017_httpd2.patch">
+ A source code patch exists which remedies this problem</a>.<br>
+ <p>
+ 
  <li><a name="openssl"></a>
  <font color="#009000"><strong>016: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
***************
*** 294,300 ****
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: errata38.html,v 1.16 2006/09/27 10:37:09 tom Exp $</small>
  
  </body>
  </html>
--- 333,339 ----
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: errata38.html,v 1.17 2006/10/07 18:07:36 brad Exp $</small>
  
  </body>
  </html>