Regen from article.sgml 1.1.2.59.

svn path=/www/; revision=12532
2002-03-19 06:41:07 +00:00 · 2002-03-19 06:41:07 +00:00 · d4bb704d95 · 2020-12-08 03:00:23 +00:00
commit d4bb704d95
parent 2c9aa1786f
1 changed files with 24 additions and 7 deletions
--- a/en/releases/4.5R/errata.html
+++ b/en/releases/4.5R/errata.html
@ -22,7 +22,7 @@

        <p class="PUBDATE">$FreeBSD:
        src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
-        1.1.2.57 2002/03/09 20:46:37 bmah Exp $<br>
+        1.1.2.59 2002/03/19 00:25:01 bmah Exp $<br>
        </p>
        <hr>
      </div>
@ -109,19 +109,36 @@
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">sshd</span>(8)</span></a> to execute
        arbitrary code with superuser privileges, or allowed a
-        connecting SSH client to execute arbitrary code with the
-        privileges of the client user. Various workarounds and
-        bugfixes, for versions of <b class=
+        malicious SSH server to execute arbitrary code on the
+        client system with the privileges of the client user.
+        Various workarounds and bugfixes, for versions of <b class=
        "APPLICATION">OpenSSH</b> in both the base system and Ports
        Collection, can be found in security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
         target="_top">FreeBSD-SA-02:13</a>.</p>
+
+        <p>A programming error in <b class="APPLICATION">zlib</b>
+        could result in attempts to free memory multiple times. The
+        <a href=
+        "http://www.FreeBSD.org/cgi/man.cgi?query=malloc&sektion=3&manpath=FreeBSD+4.5-stable">
+        <span class="CITEREFENTRY"><span class=
+        "REFENTRYTITLE">malloc</span>(3)</span></a>/<a href=
+        "http://www.FreeBSD.org/cgi/man.cgi?query=free&sektion=3&manpath=FreeBSD+4.5-stable">
+        <span class="CITEREFENTRY"><span class=
+        "REFENTRYTITLE">free</span>(3)</span></a> routines used in
+        FreeBSD are not vulnerable to this error, but applications
+        receiving specially-crafted blocks of invalid compressed
+        data could be made to function incorrectly or abort. This
+        <b class="APPLICATION">zlib</b> bug has been fixed. For a
+        workaround and solutions, see security advisory <a href=
+        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc"
+         target="_top">FreeBSD-SA-02:18</a>.</p>
      </div>

      <div class="SECT1">
        <hr>

-        <h1 class="SECT1"><a name="AEN43">3 System Update
+        <h1 class="SECT1"><a name="AEN53">3 System Update
        Information</a></h1>

        <p>Certain SSH clients, when attempting to connect to a
@ -215,7 +232,7 @@
        are frequently required by these other components, <span
        class="emphasis"><i class="EMPHASIS">are</i></span>
        included on disk 1 of the official 4-CD set. <a name=
-        "AEN80" href="#FTN.AEN80">[1]</a></p>
+        "AEN90" href="#FTN.AEN90">[1]</a></p>

        <p>A binary package containing <b class=
        "APPLICATION">Samba</b> was accidentally omitted from the
@ -246,7 +263,7 @@
    <table border="0" class="FOOTNOTES" width="100%">
      <tr>
        <td align="LEFT" valign="TOP" width="5%"><a name=
-        "FTN.AEN80" href="#AEN80">[1]</a></td>
+        "FTN.AEN90" href="#AEN90">[1]</a></td>

        <td align="LEFT" valign="TOP" width="95%">
          <p>The complete FreeBSD package collection currently