===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata46.html,v
retrieving revision 1.44
retrieving revision 1.45
diff -c -r1.44 -r1.45
*** www/errata46.html	2016/08/15 02:22:06	1.44
--- www/errata46.html	2016/10/16 19:11:30	1.45
***************
*** 70,76 ****
  <br>
  <hr>
  
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6.tar.gz">
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
  <p>
--- 70,76 ----
  <br>
  <hr>
  
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6.tar.gz">
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
  <p>
***************
*** 92,98 ****
  Insufficient protection of the trunk interface queues may cause
  LACP trunks to fail under load.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/012_trunklacp.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 92,98 ----
  Insufficient protection of the trunk interface queues may cause
  LACP trunks to fail under load.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/012_trunklacp.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 101,107 ****
  &nbsp; <i>All architectures</i><br>
  Incorrectly initialized state updates can cause pfsync update storms.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/011_pfsync.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 101,107 ----
  &nbsp; <i>All architectures</i><br>
  Incorrectly initialized state updates can cause pfsync update storms.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/011_pfsync.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 111,117 ****
  In TLS connections, certain incorrectly formatted records can cause
  an OpenSSL client or server to crash due to a read attempt at NULL.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/010_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 111,117 ----
  In TLS connections, certain incorrectly formatted records can cause
  an OpenSSL client or server to crash due to a read attempt at NULL.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/010_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 126,132 ****
  leading to a denial of service when a resource limit is apparently
  reached.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 126,132 ----
  leading to a denial of service when a resource limit is apparently
  reached.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 137,143 ****
  paranoid enough in checking for underruns, which could potentially
  lead to crashes.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/008_kerberos.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 137,143 ----
  paranoid enough in checking for underruns, which could potentially
  lead to crashes.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/008_kerberos.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 147,153 ****
  Due to a null pointer dereference, it would be possible to crash ftpd when
  handling glob(3)'ing requests. This is non-exploitable.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/007_ftpd.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 147,153 ----
  Due to a null pointer dereference, it would be possible to crash ftpd when
  handling glob(3)'ing requests. This is non-exploitable.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/007_ftpd.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 157,163 ****
  OpenSSL is susceptible to a buffer overflow due to a failure
  to check for NULL returns from bn_wexpand function calls.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/006_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 157,163 ----
  OpenSSL is susceptible to a buffer overflow due to a failure
  to check for NULL returns from bn_wexpand function calls.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/006_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 168,174 ****
  could be created, violating assumptions in other parts of the kernel
  and resulting in infinite loops.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/005_ptrace.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 168,174 ----
  could be created, violating assumptions in other parts of the kernel
  and resulting in infinite loops.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/005_ptrace.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 180,186 ****
  OpenSSL permitted this protocol feature by default and had no way to
  disable it.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 180,186 ----
  OpenSSL permitted this protocol feature by default and had no way to
  disable it.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 190,196 ****
  getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
  IP_IPCOMP_LEVEL will crash the system.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/003_getsockopt.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 190,196 ----
  getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
  IP_IPCOMP_LEVEL will crash the system.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/003_getsockopt.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 199,205 ****
  &nbsp; <i>i386 only</i><br>
  XMM exceptions are not correctly handled resulting in a kernel panic.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/i386/002_xmm.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 199,205 ----
  &nbsp; <i>i386 only</i><br>
  XMM exceptions are not correctly handled resulting in a kernel panic.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/i386/002_xmm.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
***************
*** 211,217 ****
  An attacker could crash a server with a specially crafted dynamic update message to a
  zone for which the server is master.
  <br>
! <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/001_bind.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
--- 211,217 ----
  An attacker could crash a server with a specially crafted dynamic update message to a
  zone for which the server is master.
  <br>
! <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/001_bind.patch">
  A source code patch exists which remedies this problem.</a>
  <p>