+ The sis(4) + driver may hand over stale ring descriptors to the hardware if the compiler decides + to re-order stores or if the hardware does store-reordering. +
+ + A source code patch exists which remedies this problem.
+
+ +
+ PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were + not correctly handled on little-endian systems (alpha, amd64, arm, i386, + mips64el, vax). Other address types (bare addresses "10.1.1.1" and + prefixes "10.1.1.1/30") are not affected. +
+ + A source code patch exists which remedies this problem.
+
+ +
+ An incorrectly formatted ClientHello handshake message could cause + OpenSSL to parse past the end of the message. An attacker could use this flaw + to trigger an invalid memory access, causing a crash of an application linked + to OpenSSL. As well, certain applications may expose the contents of parsed + OCSP extensions, specifically the OCSP nonce extension. +
+ Applications are only affected if they act as a server and call
+ SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed
+ that nothing in the base OS uses this. Apache httpd started using this
+ in v2.3.3; this is newer than the version in ports.
+
+
+ A source code patch exists which remedies this problem.
+
+
sp_protocol in RTM_DELETE messages could contain garbage values *************** *** 200,206 ****
www@openbsd.org
! $OpenBSD: errata48.html,v 1.6 2011/01/13 16:36:58 jsg Exp $