New release notes: SA-02:24, SA-02:25.

2 files changed, 38 insertions, 0 deletions

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 686c736..4af9079 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -1768,6 +1768,25 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
       url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
       &merged;</para>
 
+    <para>Some unexpected behavior could be allowed with &man.k5su.8;
+      because it does not require that an invoking user be a member of
+      the <groupname>wheel</groupname> group when attempting to become
+      the superuser (this is the case with &man.su.1;).  To avoid this
+      situation, &man.k5su.8; is now installed non-SUID by default
+      (effectively disabling it).  More information can be found in
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
+      &merged;</para>
+
+    <para>Multiple vulnerabilities were found in the &man.bzip2.1;
+      utility, which could allow files to be overwritten without
+      warning or allow local users unintended access to files.  These
+      problems have been corrected with a new import of
+      <application>bzip2</application>.  For more information, see
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
+      &merged; </para>
+
     <para>A bug has been fixed in the implementation of the TCP SYN 
       cache (<quote>syncache</quote>), which could allow a remote
       attacker to deny access to a service when accept filters
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 686c736..4af9079 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -1768,6 +1768,25 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
       url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
       &merged;</para>
 
+    <para>Some unexpected behavior could be allowed with &man.k5su.8;
+      because it does not require that an invoking user be a member of
+      the <groupname>wheel</groupname> group when attempting to become
+      the superuser (this is the case with &man.su.1;).  To avoid this
+      situation, &man.k5su.8; is now installed non-SUID by default
+      (effectively disabling it).  More information can be found in
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
+      &merged;</para>
+
+    <para>Multiple vulnerabilities were found in the &man.bzip2.1;
+      utility, which could allow files to be overwritten without
+      warning or allow local users unintended access to files.  These
+      problems have been corrected with a new import of
+      <application>bzip2</application>.  For more information, see
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
+      &merged; </para>
+
     <para>A bug has been fixed in the implementation of the TCP SYN 
       cache (<quote>syncache</quote>), which could allow a remote
       attacker to deny access to a service when accept filters