===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- www/errata38.html	2006/09/27 10:37:09	1.16
+++ www/errata38.html	2006/10/07 18:07:36	1.17
@@ -74,6 +74,45 @@
 <a name="vax"></a>
 <ul>
 
+<li><a name="systrace"></a>
+<font color="#009000"><strong>019: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+Fix for an integer overflow in systrace's STRIOCREPLACE support, found by
+Chris Evans. This could be exploited for DoS, limited kmem reads or local
+privilege escalation.
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/019_systrace.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
+<li><a name="openssl2"></a>
+<font color="#009000"><strong>018: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
+structures an error condition is mishandled, possibly resulting in an infinite
+loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
+pointer may be dereferenced in the SSL version 2 client code. In addition, many
+applications using OpenSSL do not perform any validation of the lengths of
+public keys being used.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937">CVE-2006-2937</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343">CVE-2006-4343</a>,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940">CVE-2006-2940</a>
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/018_openssl2.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
+<li><a name="httpd2"></a>
+<font color="#009000"><strong>017: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
+does not sanitize the Expect header from an HTTP request when it is
+reflected back in an error message, which might allow cross-site scripting (XSS)
+style attacks.
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918">CVE-2006-3918</a>
+<br>
+<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/017_httpd2.patch">
+A source code patch exists which remedies this problem</a>.<br>
+<p>
+
 <li><a name="openssl"></a>
 <font color="#009000"><strong>016: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
 Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
@@ -294,7 +333,7 @@
 <hr>
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: errata38.html,v 1.16 2006/09/27 10:37:09 tom Exp $</small>
+<br><small>$OpenBSD: errata38.html,v 1.17 2006/10/07 18:07:36 brad Exp $</small>
 
 </body>
 </html>
