===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata48.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -c -r1.36 -r1.37
*** www/errata48.html	2017/03/28 04:04:52	1.36
--- www/errata48.html	2017/03/28 06:41:18	1.37
***************
*** 82,91 ****
  <hr>
  
  <ul>
! <li id="010_sis">
  <font color="#009000"><strong>010: RELIABILITY FIX: February 16, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
! The <a href="http://man.openbsd.org/?query=sis&sektion=4">sis(4)</a>
  driver may hand over stale ring descriptors to the hardware if the compiler decides
  to re-order stores or if the hardware does store-reordering.
  <br>
--- 82,91 ----
  <hr>
  
  <ul>
! <li id="p010_sis">
  <font color="#009000"><strong>010: RELIABILITY FIX: February 16, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
! The <a href="http://man.openbsd.org/OpenBSD-4.8/sis.4">sis(4)</a>
  driver may hand over stale ring descriptors to the hardware if the compiler decides
  to re-order stores or if the hardware does store-reordering.
  <br>
***************
*** 93,99 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="009_pf">
  <font color="#009000"><strong>009: SECURITY FIX: February 16, 2011</strong></font>
  &nbsp; <i>Little-endian
   architectures</i><br>
--- 93,99 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p009_pf">
  <font color="#009000"><strong>009: SECURITY FIX: February 16, 2011</strong></font>
  &nbsp; <i>Little-endian
   architectures</i><br>
***************
*** 106,112 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="008_openssl">
  <font color="#009000"><strong>008: SECURITY FIX: February 11, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
  An incorrectly formatted ClientHello handshake message could cause
--- 106,112 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p008_openssl">
  <font color="#009000"><strong>008: SECURITY FIX: February 11, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
  An incorrectly formatted ClientHello handshake message could cause
***************
*** 124,130 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="007_rtsock">
  <font color="#009000"><strong>007: RELIABILITY FIX: January 13, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
  sp_protocol in RTM_DELETE messages could contain garbage values
--- 124,130 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p007_rtsock">
  <font color="#009000"><strong>007: RELIABILITY FIX: January 13, 2011</strong></font>
  &nbsp; <i>All architectures</i><br>
  sp_protocol in RTM_DELETE messages could contain garbage values
***************
*** 135,156 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="006_cbc">
  <font color="#009000"><strong>006: RELIABILITY FIX: December 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
  This fixes aes-ni, via xcrypt and various drivers
! (<a href="http://man.openbsd.org/?query=glxsb&arch=i386&sektion=4">glxsb(4)</a>,
! <a href="http://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a>,
! <a href="http://man.openbsd.org/?query=safe&sektion=4">safe(4)</a>
  and
! <a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>).
  <br>
  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/006_cbc.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="005_pf">
  <font color="#009000"><strong>005: SECURITY FIX: December 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Insufficent initialization of the pf rule structure in the ioctl
--- 135,156 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p006_cbc">
  <font color="#009000"><strong>006: RELIABILITY FIX: December 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
  This fixes aes-ni, via xcrypt and various drivers
! (<a href="http://man.openbsd.org/OpenBSD-4.8/glxsb.4">glxsb(4)</a>,
! <a href="http://man.openbsd.org/OpenBSD-4.8/hifn.4">hifn(4)</a>,
! <a href="http://man.openbsd.org/OpenBSD-4.8/safe.4">safe(4)</a>
  and
! <a href="http://man.openbsd.org/OpenBSD-4.8/ubsec.4">ubsec(4)</a>).
  <br>
  <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/006_cbc.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p005_pf">
  <font color="#009000"><strong>005: SECURITY FIX: December 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Insufficent initialization of the pf rule structure in the ioctl
***************
*** 161,167 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="004_openssl">
  <font color="#009000"><strong>004: RELIABILITY FIX: November 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
--- 161,167 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p004_openssl">
  <font color="#009000"><strong>004: RELIABILITY FIX: November 17, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
***************
*** 173,182 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="003_vr">
  <font color="#009000"><strong>003: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
! The <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>
  driver may hand over stale ring descriptors to the hardware if the compiler decides
  to re-order stores or if the hardware does store-reordering.
  <br>
--- 173,182 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p003_vr">
  <font color="#009000"><strong>003: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
! The <a href="http://man.openbsd.org/OpenBSD-4.8/vr.4">vr(4)</a>
  driver may hand over stale ring descriptors to the hardware if the compiler decides
  to re-order stores or if the hardware does store-reordering.
  <br>
***************
*** 184,190 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="002_pci">
  <font color="#009000"><strong>002: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Certain PCI based hardware may improperly announce their Base Address
--- 184,190 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p002_pci">
  <font color="#009000"><strong>002: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Certain PCI based hardware may improperly announce their Base Address
***************
*** 195,201 ****
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="001_bgpd">
  <font color="#009000"><strong>001: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Uninitialized memory may force the RDE into route-collector mode on startup and
--- 195,201 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
! <li id="p001_bgpd">
  <font color="#009000"><strong>001: RELIABILITY FIX: November 16, 2010</strong></font>
  &nbsp; <i>All architectures</i><br>
  Uninitialized memory may force the RDE into route-collector mode on startup and