diff options
| author | Bruce A. Mah <bmah@FreeBSD.org> | 2002-01-05 06:07:17 +0000 |
|---|---|---|
| committer | Bruce A. Mah <bmah@FreeBSD.org> | 2002-01-05 06:07:17 +0000 |
| commit | f2185639f7eefb17262202de07c3acd2de07e660 (patch) | |
| tree | 7ad544e5bb71ee88663702026f7d32277e799f5e | |
| parent | e5b4afac08cea1a2915240984ba464d66c2a4a57 (diff) | |
Notes
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 10 | ||||
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index 2d7f5081c980..c690ff8e5ca2 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -1430,6 +1430,16 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> closed. Note that the default value of this setting is <literal>UseLogin no</literal>. (See security advisory FreeBSD-SA-01:63.) &merged;</para> + + <para>The use of an insecure temporary directory by + &man.pkg.add.1; could permit a local attacker to modify the + contents of binary packages while they were being installed. + This hole has been closed. (See security advisory + FreeBSD-SA-02:01.) &merged;</para> + + <para>A race condition in &man.pw.8;, which could expose the + contents of <filename>/etc/master.passwd</filename>, has been + eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 2d7f5081c980..c690ff8e5ca2 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -1430,6 +1430,16 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> closed. Note that the default value of this setting is <literal>UseLogin no</literal>. (See security advisory FreeBSD-SA-01:63.) &merged;</para> + + <para>The use of an insecure temporary directory by + &man.pkg.add.1; could permit a local attacker to modify the + contents of binary packages while they were being installed. + This hole has been closed. (See security advisory + FreeBSD-SA-02:01.) &merged;</para> + + <para>A race condition in &man.pw.8;, which could expose the + contents of <filename>/etc/master.passwd</filename>, has been + eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> |