From 07eb2bbb9cc0ec2771473cbf28ab81ee4c0b7ecf Mon Sep 17 00:00:00 2001 From: "Bruce A. Mah" Date: Tue, 17 Apr 2001 19:22:07 +0000 Subject: [PATCH] Update for security advisories: 01:32 (ipfilter), 01:33 (glob/ftp). New release notes: TCP ISS randomization, groff-1.17. --- release/texts/alpha/RELNOTES.TXT | 18 ++++++++++++------ release/texts/i386/RELNOTES.TXT | 18 ++++++++++++------ 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/release/texts/alpha/RELNOTES.TXT b/release/texts/alpha/RELNOTES.TXT index 4f3857b73917..ad720a9ac679 100644 --- a/release/texts/alpha/RELNOTES.TXT +++ b/release/texts/alpha/RELNOTES.TXT @@ -453,10 +453,6 @@ A bug in rwhod(8), which caused it to crash if sent certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:29). [MERGED] -To prevent some forms of DOS attacks, glob(3) allows specification of -a limit on the number of pathname matches it will return. ftpd(8) now -uses this feature. [MERGED] - A security hole in FreeBSD's FFS and EXT2FS implementations, which allowed a race condition that could cause users to have unauthorized access to data, has been fixed (see security advisory @@ -465,7 +461,16 @@ FreeBSD-SA-01:30). [MERGED] A remotely-exploitable vulnerability in ntpd(8) has been closed (see security advisory FreeBSD-SA-01:31). [MERGED] -A security hole in IPFilter's fragment cache has been closed. [MERGED] +A security hole in IPFilter's fragment cache has been closed (see +security advisory FreeBSD-SA-01:32). [MERGED] + +Buffer overflows in glob(3), which could cause arbitrary code to be +run on an FTP server, have been closed. In addition, to prevent some +forms of DOS attacks, glob(3) now allows specification of a limit on +the number of pathname matches it will return. ftpd(8) now uses this +feature (see security advisory FreeBSD-SA-01:33). [MERGED] + +Initial sequence numbers in TCP are more thoroughly randomized. 1.3. USERLAND CHANGES @@ -748,7 +753,8 @@ dependencies. top(1) will now use the full width of its tty. groff(1) and its related utilities have been updated to FSF version -1.16.1. [MERGED] +1.17. This import brings in a new mdoc(7) macro package, which +removes many of the limitations of its predecessor. A number of cleanups and enhancements have been applied to the PCI subsystem. /usr/share/misc/pci_vendors now contains a vendor/device diff --git a/release/texts/i386/RELNOTES.TXT b/release/texts/i386/RELNOTES.TXT index 007d76e1708b..3008f27f17f9 100644 --- a/release/texts/i386/RELNOTES.TXT +++ b/release/texts/i386/RELNOTES.TXT @@ -528,10 +528,6 @@ A bug in rwhod(8), which caused it to crash if sent certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:29). [MERGED] -To prevent some forms of DOS attacks, glob(3) allows specification of -a limit on the number of pathname matches it will return. ftpd(8) now -uses this feature. [MERGED] - A security hole in FreeBSD's FFS and EXT2FS implementations, which allowed a race condition that could cause users to have unauthorized access to data, has been fixed (see security advisory @@ -540,7 +536,16 @@ FreeBSD-SA-01:30). [MERGED] A remotely-exploitable vulnerability in ntpd(8) has been closed (see security advisory FreeBSD-SA-01:31). [MERGED] -A security hole in IPFilter's fragment cache has been closed. [MERGED] +A security hole in IPFilter's fragment cache has been closed (see +security advisory FreeBSD-SA-01:32). [MERGED] + +Buffer overflows in glob(3), which could cause arbitrary code to be +run on an FTP server, have been closed. In addition, to prevent some +forms of DOS attacks, glob(3) now allows specification of a limit on +the number of pathname matches it will return. ftpd(8) now uses this +feature (see security advisory FreeBSD-SA-01:33). [MERGED] + +Initial sequence numbers in TCP are more thoroughly randomized. 1.3. USERLAND CHANGES @@ -842,7 +847,8 @@ dependencies. top(1) will now use the full width of its tty. groff(1) and its related utilities have been updated to FSF version -1.16.1. [MERGED] +1.17. This import brings in a new mdoc(7) macro package, which +removes many of the limitations of its predecessor. growfs(8), a utility for growing FFS filesystems, has been added. ffsinfo(8), a utility for dump all the meta-information of an existing