===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata38.html,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- www/errata38.html	2014/03/31 03:12:47	1.44
+++ www/errata38.html	2014/03/31 16:02:48	1.45
@@ -79,7 +79,8 @@
 <ul>
 
 <li><a name="ssh2"></a>
-<font color="#009000"><strong>020: SECURITY FIX: October 12, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>020: SECURITY FIX: October 12, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
 by Tavis Ormandy) that would cause
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>
@@ -94,7 +95,8 @@
 <p>
 
 <li><a name="systrace"></a>
-<font color="#009000"><strong>019: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>019: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix for an integer overflow in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&amp;sektion=4">systrace(4)</a>'s
 STRIOCREPLACE support, found by
@@ -106,7 +108,8 @@
 <p>
 
 <li><a name="openssl2"></a>
-<font color="#009000"><strong>018: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>018: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
 structures an error condition is mishandled, possibly resulting in an infinite
 loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
@@ -123,7 +126,8 @@
 <p>
 
 <li><a name="httpd2"></a>
-<font color="#009000"><strong>017: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>017: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
 does not sanitize the Expect header from an HTTP request when it is
 reflected back in an error message, which might allow cross-site scripting (XSS)
@@ -135,7 +139,8 @@
 <p>
 
 <li><a name="openssl"></a>
-<font color="#009000"><strong>016: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>016: SECURITY FIX: September 8, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
 an attacker to construct an invalid signature which OpenSSL would accept as a
 valid PKCS#1 v1.5 signature.
@@ -146,7 +151,8 @@
 <p>
 
 <li><a name="bind"></a>
-<font color="#009000"><strong>015: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>015: SECURITY FIX: September 8, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Two Denial of Service issues have been found with BIND.
 An attacker who can perform recursive lookups on a DNS server and is able
 to send a sufficiently large number of recursive queries, or is able to
@@ -162,7 +168,8 @@
 <p>
 
 <li><a name="sppp"></a>
-<font color="#009000"><strong>014: SECURITY FIX: September 2, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>014: SECURITY FIX: September 2, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to the failure to correctly validate LCP configuration option lengths,
 it is possible for an attacker to send LCP packets via an
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&amp;sektion=4">sppp(4)</a>
@@ -174,7 +181,8 @@
 <p>
 
 <li><a name="isakmpd"></a>
-<font color="#009000"><strong>013: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>013: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A problem in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;sektion=8">isakmpd(8)</a>
 caused IPsec to run partly without replay protection. If
@@ -188,7 +196,8 @@
 <p>
 
 <li><a name="sem"></a>
-<font color="#009000"><strong>012: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>012: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 It is possible to cause the kernel to panic when more than the default number of
 sempahores have been allocated.
 <br>
@@ -197,7 +206,8 @@
 <p>
 
 <li><a name="dhcpd"></a>
-<font color="#009000"><strong>011: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>011: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to an off-by-one error in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&amp;sektion=8">dhcpd(8)</a>,
 it is possible to cause
@@ -210,7 +220,8 @@
 <p>
 
 <li><a name="sendmail3"></a>
-<font color="#009000"><strong>010: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>010: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A potential denial of service problem has been found in sendmail. A message
 with really long header lines could trigger a use-after-free bug causing
 sendmail to crash.
@@ -220,7 +231,8 @@
 <p>
 
 <li><a name="httpd"></a>
-<font color="#009000"><strong>009: SECURITY FIX: July 30, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>009: SECURITY FIX: July 30, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>'s
 mod_rewrite has a potentially exploitable off-by-one buffer overflow.
 The buffer overflow may result in a vulnerability which, in combination
@@ -233,7 +245,8 @@
 <p>
 
 <li><a name="sendmail2"></a>
-<font color="#009000"><strong>008: SECURITY FIX: June 15, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>008: SECURITY FIX: June 15, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A potential denial of service problem has been found in sendmail. A malformed MIME
 message could trigger excessive recursion which will lead to stack exhaustion.
 This denial of service attack only affects delivery of mail from the queue and
@@ -246,7 +259,8 @@
 <p>
 
 <li><a name="xorg"></a>
-<font color="#009000"><strong>007: SECURITY FIX: May 2, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>007: SECURITY FIX: May 2, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A security vulnerability has been found in the X.Org server --
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526">CVE-2006-1526</a>.
 Clients authorized to connect to the X server are able to crash it and to execute
@@ -257,7 +271,8 @@
 <p>
 
 <li><a name="sendmail"></a>
-<font color="#009000"><strong>006: SECURITY FIX: March 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>006: SECURITY FIX: March 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A race condition has been reported to exist in the handling by sendmail of
 asynchronous signals. A remote attacker may be able to execute arbitrary code with the
 privileges of the user running sendmail, typically root.
@@ -267,7 +282,8 @@
 <p>
 
 <li><a name="ssh"></a>
-<font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=system&amp;sektion=3">system(3)</a>
 function in
@@ -281,7 +297,8 @@
 <p>
 
 <li><a name="i386machdep"></a>
-<font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> &nbsp; <i>i386 architecture</i><br>
+<font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font>
+&nbsp; <i>i386 architecture</i><br>
 Constrain
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_set_ioperm&amp;arch=i386&amp;sektion=2">i386_set_ioperm(2)</a>
 so even root is blocked from accessing the ioports
@@ -292,7 +309,8 @@
 <p>
 
 <li><a name="i386pmap"></a>
-<font color="#009000"><strong>003: RELIABILITY FIX: January 13, 2006</strong></font> &nbsp; <i>i386 architecture</i><br>
+<font color="#009000"><strong>003: RELIABILITY FIX: January 13, 2006</strong></font>
+&nbsp; <i>i386 architecture</i><br>
 Change the implementation of i386 W^X so that the "execute line" can move around.
 Before it was limited to being either at 512MB (below which all code normally
 lands) or at the top of the stack. Now the line can float as
@@ -307,7 +325,8 @@
 <p>
 
 <li><a name="fd"></a>
-<font color="#009000"><strong>002: SECURITY FIX: January 5, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>002: SECURITY FIX: January 5, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Do not allow users to trick suid programs into re-opening files via /dev/fd.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/002_fd.patch">
@@ -315,7 +334,8 @@
 <p>
 
 <li><a name="perl"></a>
-<font color="#009000"><strong>001: SECURITY FIX: January 5, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>001: SECURITY FIX: January 5, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A buffer overflow has been found in the Perl interpreter with the sprintf function which
 may be exploitable under certain conditions.
 <br>