===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.26
retrieving revision 1.27
diff -c -r1.26 -r1.27
*** www/errata56.html	2015/04/30 19:36:17	1.26
--- www/errata56.html	2015/04/30 19:49:23	1.27
***************
*** 337,342 ****
--- 337,367 ----
    A source code patch exists which remedies this problem.</a>
  <p>
  
+ <li id="023_elf">
+ <font color="#009000"><strong>022: SECURITY FIX: April 30, 2015</strong></font>
+ &nbsp; <i>All architectures</i><br>
+ Malformed binaries could trigger kernel panics or view kernel memory.
+ <br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/023_elf.patch.sig">
+   A source code patch exists which remedies this problem.</a>
+ <p>
+ 
+ <li id="024_tar">
+ <font color="#009000"><strong>022: SECURITY FIX: April 30, 2015</strong></font>
+ &nbsp; <i>All architectures</i><br>
+ Multiple issues in tar/pax/cpio:
+ <ul>
+ <li>extracting a malicious archive could create files outside of
+ the current directory without using pre-existing symlinks to 'escape',
+ and could change the timestamps and modes on preexisting files
+ <li>tar without -P would permit extraction of paths with ".." components
+ <li>there was a buffer overflow in the handling of pax extension headers
+ </ul>
+ <br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/024_tar.patch.sig">
+   A source code patch exists which remedies this problem.</a>
+ <p>
+ 
  </ul>
  
  <hr>