From owner-p4-releng Tue Mar 19 13:55:10 2002
Delivered-To: p4-releng@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id C2B6537B400; Tue, 19 Mar 2002 13:55:02 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A901037B419 for ; Tue, 19 Mar 2002 13:55:01 -0800 (PST)
Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2JLt1d24436 for perforce@freebsd.org; Tue, 19 Mar 2002 13:55:01 -0800 (PST) (envelope-from bmah@freebsd.org)
Date: Tue, 19 Mar 2002 13:55:01 -0800 (PST)
Message-Id: <200203192155.g2JLt1d24436@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bmah@freebsd.org using -f
From: "Bruce A. Mah"
Subject: PERFORCE change 7991 for review
To: Perforce Change Reviews
Sender: owner-p4-releng@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=7991

Change 7991 by bmah@bmah_tomcat on 2002/03/19 13:54:42

	IFC: SA-02:13 editing, SA-02:18.

Affected files ...

... //depot/releng/5_dp1/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#3 integrate

Differences ...

==== //depot/releng/5_dp1/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#3 (text+ko) ====
@@ -1634,12 +1634,23 @@ OpenSSH's multiplexing code. This bug could have allowed an authenticated remote user to cause &man.sshd.8; to execute arbitrary code with superuser - privileges, or allowed a connecting SSH client to execute arbitrary - code with the privileges of the client user. (See security + privileges, or allowed a malicious SSH server to execute arbitrary + code on the client system with the privileges of the client user. (See security advisory FreeBSD-SA-02:13.) &merged; + A programming error in zlib could + result in attempts to free memory multiple times. The + &man.malloc.3;/&man.free.3; routines used in &os; are not + vulnerable to this error, but applications receiving + specially-crafted blocks of invalid compressed data could + be made to function incorrectly or abort. This + zlib bug has been fixed. For a + workaround and solutions, see security advisory FreeBSD-SA-02:18. + &merged; + Userland Changes To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-releng" in the body of the message
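Review bot: In the added zlib paragraph, "could be made to function incorrectly or abort" states the impact more loosely than the SA-02:13 entry directly above it, which names both the outcome and the privilege level. Since the paragraph already says the &man.malloc.3;/&man.free.3; routines in &os; are not vulnerable, it would help to say plainly that the expected result on &os; is an application malfunction or abort, so readers do not have to infer how the two sentences fit together. "For a workaround and solutions" is also vague: either name the action the reader is expected to take or shorten it to a pointer to FreeBSD-SA-02:18. As a style point, the reworded line "code on the client system with the privileges of the client user. (See security" is now much longer than the lines around it and should be re-wrapped to match the file's line width.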