article.xml revision 261784 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
3        "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
4<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"
5        "http://www.FreeBSD.org/release/XML/release.ent">
6%release;
7]>
8
9<article xmlns="http://docbook.org/ns/docbook"
10	 xmlns:xlink="http://www.w3.org/1999/xlink"
11	 version="5.0">
12  <info>
13    <title>&os; &release.prev; Errata </title>
14
15    <author><orgname>The &os; Project</orgname></author>
16
17    <pubdate>$FreeBSD: stable/10/release/doc/en_US.ISO8859-1/errata/article.xml 261784 2014-02-11 23:11:11Z hrs $</pubdate>
18
19    <copyright>
20      <year>2014</year>
21
22      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
23    </copyright>
24
25    <legalnotice xml:id="trademarks" role="trademarks">
26      &tm-attrib.freebsd;
27      &tm-attrib.intel;
28      &tm-attrib.sparc;
29      &tm-attrib.general;
30    </legalnotice>
31
32    <abstract>
33      <para>This document lists errata items for &os; &release.prev;,
34	containing significant information discovered after the release
35	or too late in the release cycle to be otherwise included in the
36	release documentation.
37	This information includes security advisories, as well as news
38	relating to the software or documentation that could affect its
39	operation or usability.  An up-to-date version of this document
40	should always be consulted before installing this version of
41	&os;.</para>
42
43      <para>This errata document for &os; &release.prev;
44	will be maintained until the release of &os; &release.next;.</para>
45    </abstract>
46  </info>
47
48  <sect1 xml:id="intro">
49    <title>Introduction</title>
50
51    <para>This errata document contains <quote>late-breaking news</quote>
52      about &os; &release.prev;
53      Before installing this version, it is important to consult this
54      document to learn about any post-release discoveries or problems
55      that may already have been found and fixed.</para>
56
57    <para>Any version of this errata document actually distributed
58      with the release (for example, on a CDROM distribution) will be
59      out of date by definition, but other copies are kept updated on
60      the Internet and should be consulted as the <quote>current
61      errata</quote> for this release.  These other copies of the
62      errata are located at
63      <link xlink:href="http://www.FreeBSD.org/releases/" />,
64      plus any sites
65      which keep up-to-date mirrors of this location.</para>
66
67    <para>Source and binary snapshots of &os; &release.branch; also
68      contain up-to-date copies of this document (as of the time of
69      the snapshot).</para>
70
71    <para>For a list of all &os; CERT security advisories, see
72      <link xlink:href="http://www.FreeBSD.org/security/" />
73      or <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" />.</para>
74  </sect1>
75
76  <sect1 xml:id="security">
77    <title>Security Advisories</title>
78
79    <informaltable frame="none" pgwide="0">
80      <tgroup cols="3">
81	<colspec colwidth="1*" />
82	<colspec colwidth="1*" />
83	<colspec colwidth="3*" />
84	<thead>
85	  <row>
86	    <entry>Advisory</entry>
87	    <entry>Date</entry>
88	    <entry>Topic</entry>
89	  </row>
90	</thead>
91
92	<tbody>
93	  <row>
94	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc"
95	      >SA-13:14.openssh</link></entry>
96
97	    <entry>19&nbsp;November&nbsp;2013</entry>
98
99	    <entry><para>OpenSSH AES-GCM memory corruption
100		vulnerability</para></entry>
101	  </row>
102
103	  <row>
104	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc"
105	      >SA-14:01.bsnmpd</link></entry>
106
107	    <entry>14&nbsp;January&nbsp;2014</entry>
108
109	    <entry><para>bsnmpd remote denial of service vulnerability</para></entry>
110	  </row>
111
112	  <row>
113	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc"
114	      >SA-14:02.ntpd</link></entry>
115
116	    <entry>14&nbsp;January&nbsp;2014</entry>
117
118	    <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry>
119	  </row>
120
121	  <row>
122	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc"
123	      >SA-14:03.openssl</link></entry>
124
125	    <entry>14&nbsp;January&nbsp;2014</entry>
126
127	    <entry><para>OpenSSL multiple vulnerabilities</para></entry>
128	  </row>
129
130	  <row>
131	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc"
132	      >SA-14:04.bind</link></entry>
133
134	    <entry>14&nbsp;January&nbsp;2014</entry>
135
136	    <entry><para>BIND remote denial of service vulnerability</para></entry>
137	  </row>
138	</tbody>
139      </tgroup>
140    </informaltable>
141  </sect1>
142
143  <sect1 xml:id="open-issues">
144    <title>Open Issues</title>
145
146    <itemizedlist>
147      <listitem>
148	<para>&os;/&arch.i386; &release.prev; running as a guest
149	  operating system on <application>VirtualBox</application>
150	  can have a problem with disk I/O access.  It depends on some
151	  specific hardware configuration and does not depend on a
152	  specific version of <application>VirtualBox</application> or
153	  host operating system.</para>
154
155	<para>It causes various errors and makes &os; quite unstable.
156	  Although the cause is still unclear, disabling unmapped I/O
157	  works as a workaround.  To disable it, choose <literal>Escape to
158	    loader prompt</literal> in the boot menu and enter the following
159	  lines from &man.loader.8; prompt, after
160	  an <literal>OK</literal>:</para>
161
162	<screen>set vfs.unmapped_buf_allowed=0
163boot</screen>
164
165	<para>Note that the following line has to be added to
166	  <filename>/boot/loader.conf</filename> after a boot.
167          It disables unmapped I/O at every boot:</para>
168
169	<programlisting>vfs.unmapped_buf_allowed=0</programlisting>
170      </listitem>
171
172      <listitem>
173	<para>A bug in <application>Heimdal</application> (an
174	  implementation of <application>Kerberos</application>
175	  authentication in &os; base system) has been fixed.  It
176	  could cause an interoperability issue between
177	  <application>Heimdal</application> and the other
178	  implementations including <application>MIT
179	  Kerberos</application>.  However, due to this fix,
180	  <application>Heimdal</application> and some applications
181	  which depend on it in the previous &os; releases do not work
182	  with one in &release.prev; in certain cases.  Errata Notice
183	  for the supported releases to fix it will be
184	  released.</para>
185      </listitem>
186
187      <listitem>
188	<para>A bug in &man.killall.1; has been discovered.  It
189	  makes <userinput>killall -INT</userinput> to deliver
190	  <literal>SIGTERM</literal> rather than the desired
191	  <literal>SIGINT</literal>, and may cause blocking
192	  behavior for scripts that uses it, as <literal>-I</literal>
193	  means <quote>interactive</quote>.  A workaround of this
194	  would be to use <literal>-SIGINT</literal> instead.
195	  This bug has been fixed on &os;-CURRENT and will be fixed
196	  in &os; &release.current;.</para>
197      </listitem>
198
199      <listitem>
200	<para>The &man.bxe.4; driver can cause packet corruption when
201	  TSO (TCP Segmentation Offload) feature is enabled.  This
202	  feature is enabled by default and can be disabled by using a
203	  <option>-tso</option> parameter of &man.ifconfig.8;.  It can
204	  be specified in &man.rc.conf.5; like the following:</para>
205
206	<programlisting>ifconfig_bxe0="DHCP -tso"</programlisting>
207
208	<para>This bug has been fixed on &os; &release.current;.</para>
209      </listitem>
210
211      <listitem>
212	<para>Due to a minor incompatibility with &man.pkg.7; version
213	  <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate
214	  the list of available packages for installation.  This is
215	  due to the <literal>PACKAGESITE</literal> environment
216	  variable being set for backwards compatibility with older
217	  versions of &man.pkg.7;.  This affects generation of the
218	  available package list only, and does not affect the
219	  behavior when processing packages for installation.</para>
220      </listitem>
221
222      <listitem>
223	<para>A regression in &man.pw.8; does not remove a user from
224	  groups not specified in the provided group list when the
225	  <literal>-G</literal> flag is used.  This is expected to be
226	  corrected in &os;-CURRENT and &os; &release.current;.</para>
227      </listitem>
228
229      <listitem>
230	<para>&man.ipfw.8; <literal>fwd</literal> action can send
231	  packets to the correct interface with a wrong link-layer
232	  address when the route is updated.  This bug has been fixed
233	  on &os;-CURRENT and will be fixed in &os;
234	  &release.current;.</para>
235      </listitem>
236
237      <listitem>
238	<para>The &man.mount.udf.8; utility has a bug which prevents
239	  it from mounting any UDF file system.  This has been fixed
240  	  in &os;-CURRENT and &os; &release.current;.</para>
241      </listitem>
242    </itemizedlist>
243  </sect1>
244
245  <sect1 xml:id="late-news">
246    <title>Late-Breaking News</title>
247
248    <para>No news.</para>
249  </sect1>
250</article>
251