New release note: SA-02:13.

2002-03-07 16:53:21 +00:00 · 2002-03-07 16:53:21 +00:00 · 45ee22e859
commit 45ee22e859
parent 07752e7a26
2 changed files with 18 additions and 0 deletions
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@ -1602,6 +1602,15 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
      given up superuser privileges to regain them.  This bug has been
      fixed.  (See security advisory FreeBSD-SA-02:07.)
      &merged;</para>
+
+    <para>An <quote>off-by-one</quote> bug has been fixed in
+      <application>OpenSSH</application>'s multiplexing code.  This bug
+      could have allowed a connecting SSH client to execute arbitrary
+      code with the privileges of the client user.  (See security
+      advisory <ulink
+        url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
+      &merged;</para>
+
  </sect2>
  <sect2 id="userland">
    <title>Userland Changes</title>
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@ -1602,6 +1602,15 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
      given up superuser privileges to regain them.  This bug has been
      fixed.  (See security advisory FreeBSD-SA-02:07.)
      &merged;</para>
+
+    <para>An <quote>off-by-one</quote> bug has been fixed in
+      <application>OpenSSH</application>'s multiplexing code.  This bug
+      could have allowed a connecting SSH client to execute arbitrary
+      code with the privileges of the client user.  (See security
+      advisory <ulink
+        url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
+      &merged;</para>
+
  </sect2>
  <sect2 id="userland">
    <title>Userland Changes</title>