Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Mar 2002 13:55:01 -0800 (PST)
From:      "Bruce A. Mah" <bmah@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 7991 for review
Message-ID:  <200203192155.g2JLt1d24436@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=7991

Change 7991 by bmah@bmah_tomcat on 2002/03/19 13:54:42

	IFC:  SA-02:13 editing, SA-02:18.

Affected files ...

... //depot/releng/5_dp1/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#3 integrate

Differences ...

==== //depot/releng/5_dp1/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#3 (text+ko) ====

@@ -1634,12 +1634,23 @@
       <application>OpenSSH</application>'s multiplexing code.  This bug
       could have allowed an authenticated remote user to cause
       &man.sshd.8; to execute arbitrary code with superuser
-      privileges, or allowed a connecting SSH client to execute arbitrary
-      code with the privileges of the client user.  (See security
+      privileges, or allowed a malicious SSH server to execute arbitrary
+      code on the client system with the privileges of the client user.  (See security
       advisory <ulink
         url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
       &merged;</para>
 
+    <para>A programming error in <application>zlib</application> could
+      result in attempts to free memory multiple times.  The
+      &man.malloc.3;/&man.free.3; routines used in &os; are not
+      vulnerable to this error, but applications receiving
+      specially-crafted blocks of invalid compressed data could
+      be made to function incorrectly or abort.  This
+      <application>zlib</application> bug has been fixed.  For a
+      workaround and solutions, see security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc">FreeBSD-SA-02:18</ulink>.
+      &merged;</para>
+
   </sect2>
   <sect2 id="userland">
     <title>Userland Changes</title>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-releng" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203192155.g2JLt1d24436>