===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -r1.16 -r1.17
*** www/errata38.html 2006/09/27 10:37:09 1.16
--- www/errata38.html 2006/10/07 18:07:36 1.17
***************
*** 74,79 ****
--- 74,118 ----
+ -
+ 019: SECURITY FIX: October 7, 2006 All architectures
+ Fix for an integer overflow in systrace's STRIOCREPLACE support, found by
+ Chris Evans. This could be exploited for DoS, limited kmem reads or local
+ privilege escalation.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 018: SECURITY FIX: October 7, 2006 All architectures
+ Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
+ structures an error condition is mishandled, possibly resulting in an infinite
+ loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
+ pointer may be dereferenced in the SSL version 2 client code. In addition, many
+ applications using OpenSSL do not perform any validation of the lengths of
+ public keys being used.
+ CVE-2006-2937,
+ CVE-2006-3738,
+ CVE-2006-4343,
+ CVE-2006-2940
+
+
+ A source code patch exists which remedies this problem.
+
+
+
-
+ 017: SECURITY FIX: October 7, 2006 All architectures
+ httpd(8)
+ does not sanitize the Expect header from an HTTP request when it is
+ reflected back in an error message, which might allow cross-site scripting (XSS)
+ style attacks.
+ CVE-2006-3918
+
+
+ A source code patch exists which remedies this problem.
+
+
-
016: SECURITY FIX: September 8, 2006 All architectures
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
***************
*** 294,300 ****
www@openbsd.org
!
$OpenBSD: errata38.html,v 1.16 2006/09/27 10:37:09 tom Exp $