diff options
author | Bruce A. Mah <bmah@FreeBSD.org> | 2002-03-07 16:53:21 +0000 |
---|---|---|
committer | Bruce A. Mah <bmah@FreeBSD.org> | 2002-03-07 16:53:21 +0000 |
commit | ddcc941ff20a6a3ed5a3091b80eed73b1faefe65 (patch) | |
tree | 7e590c696fb5d9bb76803fecefc796c47062e3c5 /release/doc | |
parent | 81fcc44b70c20bcade060fbec22a8dd291b1337d (diff) | |
download | src-ddcc941ff20a6a3ed5a3091b80eed73b1faefe65.tar.gz src-ddcc941ff20a6a3ed5a3091b80eed73b1faefe65.zip |
New release note: SA-02:13.
Notes
Notes:
svn path=/head/; revision=91819
Diffstat (limited to 'release/doc')
-rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 9 | ||||
-rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index bcc955022c34..6b3d208f32dc 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -1602,6 +1602,15 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) &merged;</para> + + <para>An <quote>off-by-one</quote> bug has been fixed in + <application>OpenSSH</application>'s multiplexing code. This bug + could have allowed a connecting SSH client to execute arbitrary + code with the privileges of the client user. (See security + advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) + &merged;</para> + </sect2> <sect2 id="userland"> <title>Userland Changes</title> diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index bcc955022c34..6b3d208f32dc 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -1602,6 +1602,15 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) &merged;</para> + + <para>An <quote>off-by-one</quote> bug has been fixed in + <application>OpenSSH</application>'s multiplexing code. This bug + could have allowed a connecting SSH client to execute arbitrary + code with the privileges of the client user. (See security + advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) + &merged;</para> + </sect2> <sect2 id="userland"> <title>Userland Changes</title> |