| author | Bruce A. Mah <bmah@FreeBSD.org> | 2002-07-31 20:20:29 +0000 |
|---|---|---|
| committer | Bruce A. Mah <bmah@FreeBSD.org> | 2002-07-31 20:20:29 +0000 |
| commit | 1e8b639eba1f66f14d7f244f25d40182204c486a (patch) | |
| tree | 5a92cdf150bbd824d5d64e2af1ab39408094c0d5 /release | |
| parent | 8510587725f9444b05cf3736dee57adf12366af7 (diff) | |
Diffstat (limited to 'release')
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index e4bc989666df..94b56bae326c 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -343,6 +343,15 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>. </para> + <para>&new.461; The original fix for security advisory SA-02:23 (which + addressed the use of file descriptors by set-user-id or + set-group-id programs) contained an error. It was still + possible for systems using &man.procfs.5; or &man.linprocfs.5; + to be exploited. This error has now been corrected; a revised + version of security advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink> + contains more details.</para> + <para>Some unexpected behavior could be allowed with &man.k5su.8; because it does not require that an invoking user be a member of the <groupname>wheel</groupname> group when attempting to become @@ -400,6 +409,12 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> For more information, see security advisory <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.</para> + <para>&new.461; Multiple buffer overflows in + <application>OpenSSL</application> have been corrected, by way + of an upgrade to the base system version of + <application>OpenSSL</application>. More details can be found + in security advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.</para> </sect2> <sect2 id="userland"> |
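Review bot: in the first hunk (@@ -343,6 +343,15 @@), the new paragraph links to the same FreeBSD-SA-02:23.stdio.asc URL as the entry whose closing link is visible in the context just above it, so the notes now carry two adjacent entries for one advisory. Consider folding the correction into the existing entry, or adding a few words there saying the fix was later revised, so a reader who stops at the first entry does not miss it. The sentence "It was still possible for systems using &man.procfs.5; or &man.linprocfs.5; to be exploited" also leaves the impact unstated; a short clause on what the exposure was would let readers judge urgency without opening the advisory.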
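Review bot: in the second hunk (@@ -400,6 +409,12 @@), "by way of an upgrade to the base system version of OpenSSL" does not say which OpenSSL version the base system now carries, so a reader cannot check an installed system against this entry. Name the imported version here, or point to the entry that records the import. The comma after "have been corrected" can also be dropped.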
