Regen from article.sgml 1.1.2.74.

svn path=/www/; revision=13762
2002-08-01 17:39:52 +00:00 · 2002-08-01 17:39:52 +00:00 · d3c30ae0a7 · 2020-12-08 03:00:23 +00:00
commit d3c30ae0a7
parent b2c8d89107
1 changed files with 43 additions and 4 deletions
--- a/en/releases/4.6R/errata.html
+++ b/en/releases/4.6R/errata.html
@ -22,7 +22,7 @@

        <p class="PUBDATE">$FreeBSD:
        src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
-        1.1.2.73 2002/07/30 16:50:49 bmah Exp $<br>
+        1.1.2.74 2002/08/01 17:36:26 bmah Exp $<br>
        </p>
        <hr>
      </div>
@ -83,6 +83,22 @@
        <h1 class="SECT1"><a name="AEN25">2 Security
        Advisories</a></h1>

+        <p>FreeBSD 4.6-RELEASE contains a fix for a bug described
+        in security advisory SA-02:23 (which addressed the use of
+        file descriptors by set-user-id or set-group-id programs).
+        An error has been discovered in the bugfix; it is still
+        possible for systems using <a href=
+        "http://www.FreeBSD.org/cgi/man.cgi?query=procfs&sektion=5&manpath=FreeBSD+4.5-stable">
+        <span class="CITEREFENTRY"><span class=
+        "REFENTRYTITLE">procfs</span>(5)</span></a> or <a href=
+        "http://www.FreeBSD.org/cgi/man.cgi?query=linprocfs&sektion=5&manpath=FreeBSD+4.5-stable">
+        <span class="CITEREFENTRY"><span class=
+        "REFENTRYTITLE">linprocfs</span>(5)</span></a> to be
+        exploited. A revised version of security advisory <a href=
+        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
+         target="_top">FreeBSD-SA-02:23</a> contains a corrected
+        bugfix.</p>
+
        <p>A buffer overflow in the resolver could be exploited by
        a malicious domain name server or an attacker forging DNS
        messages. This could potentially be used to force arbitrary
@ -112,12 +128,35 @@
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc"
         target="_top">FreeBSD-SA-02:30</a> for a workaround and a
        fix.</p>
+
+        <p>A race condition in <a href=
+        "http://www.FreeBSD.org/cgi/man.cgi?query=pppd&sektion=8&manpath=FreeBSD+4.5-stable">
+        <span class="CITEREFENTRY"><span class=
+        "REFENTRYTITLE">pppd</span>(8)</span></a> can be used to
+        change the permissions of an arbitrary file. For more
+        details, a workaround, and bugfix information, see security
+        advisory <a href=
+        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc"
+         target="_top">FreeBSD-SA-02:32</a>.</p>
+
+        <p>Multiple buffer overflows have been discovered in <b
+        class="APPLICATION">OpenSSL</b>. More details (including
+        workarounds and bugfixes) can be found in security advisory
+        <a href=
+        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
+         target="_top">FreeBSD-SA-02:33</a>.</p>
+
+        <p>A bug in the XDR decoder (used by Sun RPC) could result
+        in a heap buffer overflow. Security advisory <a href=
+        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc"
+         target="_top">FreeBSD-SA-02:34</a> contains workaround and
+        bugfix information.</p>
      </div>

      <div class="SECT1">
        <hr>

-        <h1 class="SECT1"><a name="AEN39">3 Late-Breaking
+        <h1 class="SECT1"><a name="AEN57">3 Late-Breaking
        News</a></h1>

        <p>In FreeBSD 4.6-RELEASE, the default maximum TCP window
@ -262,8 +301,8 @@
          </ol>
        </div>

-        <p>As of this writing, this issue is under continuing
-        investigation.</p>
+        <p>This problem has been corrected in FreeBSD 4.6-STABLE
+        snapshots.</p>

        <p>Due to a bug in the release generation process, some of
        the directories under <tt class=