===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.392
retrieving revision 1.393
diff -u -r1.392 -r1.393
--- www/errata.html 2002/05/09 14:40:41 1.392
+++ www/errata.html 2002/05/22 22:32:29 1.393
@@ -49,6 +49,17 @@
All architectures
+
+- 004: SECURITY FIX: May 22, 2002
+Under certain conditions, on systems using YP with netgroups in the
+password database, it is possible that
+sshd(8)
+does ACL checks for the requested user name but uses the password
+database entry of a different user for authentication. This means
+that denied users might authenticate successfully while permitted
+users could be locked out.
+A source code patch exists which remedies the problem.
+
- 003: SECURITY FIX: May 8, 2002
A race condition exists where an attacker could fill the file descriptor
@@ -153,7 +164,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.392 2002/05/09 14:40:41 millert Exp $
+
$OpenBSD: errata.html,v 1.393 2002/05/22 22:32:29 markus Exp $