article.xml revision 268439 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
3        "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
4<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"
5        "http://www.FreeBSD.org/release/XML/release.ent">
6%release;
7]>
8
9<article xmlns="http://docbook.org/ns/docbook"
10	 xmlns:xlink="http://www.w3.org/1999/xlink"
11	 version="5.0">
12  <info>
13    <title>&os; &release.prev; Errata </title>
14
15    <author><orgname>The &os; Project</orgname></author>
16
17    <pubdate>$FreeBSD: stable/10/release/doc/en_US.ISO8859-1/errata/article.xml 268439 2014-07-08 23:07:09Z gjb $</pubdate>
18
19    <copyright>
20      <year>2014</year>
21
22      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
23    </copyright>
24
25    <legalnotice xml:id="trademarks" role="trademarks">
26      &tm-attrib.freebsd;
27      &tm-attrib.intel;
28      &tm-attrib.sparc;
29      &tm-attrib.general;
30    </legalnotice>
31
32    <abstract>
33      <para>This document lists errata items for &os; &release.prev;,
34	containing significant information discovered after the release
35	or too late in the release cycle to be otherwise included in the
36	release documentation.
37	This information includes security advisories, as well as news
38	relating to the software or documentation that could affect its
39	operation or usability.  An up-to-date version of this document
40	should always be consulted before installing this version of
41	&os;.</para>
42
43      <para>This errata document for &os; &release.prev;
44	will be maintained until the release of &os; &release.next;.</para>
45    </abstract>
46  </info>
47
48  <sect1 xml:id="intro">
49    <title>Introduction</title>
50
51    <para>This errata document contains <quote>late-breaking news</quote>
52      about &os; &release.prev;
53      Before installing this version, it is important to consult this
54      document to learn about any post-release discoveries or problems
55      that may already have been found and fixed.</para>
56
57    <para>Any version of this errata document actually distributed
58      with the release (for example, on a CDROM distribution) will be
59      out of date by definition, but other copies are kept updated on
60      the Internet and should be consulted as the <quote>current
61      errata</quote> for this release.  These other copies of the
62      errata are located at
63      <link xlink:href="http://www.FreeBSD.org/releases/" />,
64      plus any sites
65      which keep up-to-date mirrors of this location.</para>
66
67    <para>Source and binary snapshots of &os; &release.branch; also
68      contain up-to-date copies of this document (as of the time of
69      the snapshot).</para>
70
71    <para>For a list of all &os; CERT security advisories, see
72      <link xlink:href="http://www.FreeBSD.org/security/" />
73      or <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" />.</para>
74  </sect1>
75
76  <sect1 xml:id="security">
77    <title>Security Advisories</title>
78
79    <informaltable frame="none" pgwide="0">
80      <tgroup cols="3">
81	<colspec colwidth="1*" />
82	<colspec colwidth="1*" />
83	<colspec colwidth="3*" />
84	<thead>
85	  <row>
86	    <entry>Advisory</entry>
87	    <entry>Date</entry>
88	    <entry>Topic</entry>
89	  </row>
90	</thead>
91
92	<tbody>
93	  <row>
94	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc"
95	      >SA-13:14.openssh</link></entry>
96
97	    <entry>19&nbsp;November&nbsp;2013</entry>
98
99	    <entry><para>OpenSSH AES-GCM memory corruption
100		vulnerability</para></entry>
101	  </row>
102
103	  <row>
104	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc"
105	      >SA-14:01.bsnmpd</link></entry>
106
107	    <entry>14&nbsp;January&nbsp;2014</entry>
108
109	    <entry><para>bsnmpd remote denial of service vulnerability</para></entry>
110	  </row>
111
112	  <row>
113	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc"
114	      >SA-14:02.ntpd</link></entry>
115
116	    <entry>14&nbsp;January&nbsp;2014</entry>
117
118	    <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry>
119	  </row>
120
121	  <row>
122	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc"
123	      >SA-14:03.openssl</link></entry>
124
125	    <entry>14&nbsp;January&nbsp;2014</entry>
126
127	    <entry><para>OpenSSL multiple vulnerabilities</para></entry>
128	  </row>
129
130	  <row>
131	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc"
132	      >SA-14:04.bind</link></entry>
133
134	    <entry>14&nbsp;January&nbsp;2014</entry>
135
136	    <entry><para>BIND remote denial of service vulnerability</para></entry>
137	  </row>
138
139	  <row>
140	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
141	      >SA-14:05.nfsserver</link></entry>
142
143	    <entry>8&nbsp;April&nbsp;2014</entry>
144
145	    <entry><para>Deadlock in the NFS server</para></entry>
146	  </row>
147
148	  <row>
149	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc"
150	      >SA-14:06.openssl</link></entry>
151
152	    <entry>8&nbsp;April&nbsp;2014</entry>
153
154	    <entry><para>OpenSSL multiple vulnerabilities</para></entry>
155	  </row>
156
157	  <row>
158	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc">SA-14:07.devfs</link></entry>
159	    <entry>30&nbsp;April&nbsp;2014</entry>
160	    <entry><para>Fix devfs rules not applied by default for
161		jails</para></entry>
162	  </row>
163
164	  <row>
165	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc">SA-14:08.tcp</link></entry>
166	    <entry>30&nbsp;April&nbsp;2014</entry>
167	    <entry><para>Fix TCP reassembly
168		vulnerability</para></entry>
169	  </row>
170
171	  <row>
172	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc">SA-14:09.openssl</link></entry>
173	    <entry>30&nbsp;April&nbsp;2014</entry>
174	    <entry><para>Fix OpenSSL use-after-free
175		vulnerability</para></entry>
176	  </row>
177
178	  <row>
179	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc">SA-14:10.openssl</link></entry>
180	    <entry>15&nbsp;May&nbsp;2014</entry>
181	    <entry><para>Fix OpenSSL NULL pointer deference
182		vulnerability</para></entry>
183	  </row>
184
185	  <row>
186	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc">SA-14:11.sendmail</link></entry>
187	    <entry>3&nbsp;June&nbsp;2014</entry>
188	    <entry><para>Fix sendmail improper close-on-exec flag
189		handling</para></entry>
190	  </row>
191
192	  <row>
193	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc">SA-14:13.pam</link></entry>
194	    <entry>3&nbsp;June&nbsp;2014</entry>
195	    <entry><para>Fix incorrect error handling in PAM policy
196		parser</para></entry>
197	  </row>
198
199	  <row>
200	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc">SA-14:14.openssl</link></entry>
201	    <entry>5&nbsp;June&nbsp;2014</entry>
202	    <entry><para>Multiple vulnerabilities</para></entry>
203	  </row>
204
205	  <row>
206	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc">SA-14:15.iconv</link></entry>
207	    <entry>24&nbsp;June&nbsp;2014</entry>
208	    <entry><para>NULL pointer dereference and out-of-bounds
209		array access</para></entry>
210	  </row>
211
212	  <row>
213	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc">SA-14:16.file</link></entry>
214	    <entry>24&nbsp;June&nbsp;2014</entry>
215	    <entry><para>Multiple vulnerabilities</para></entry>
216	  </row>
217
218	  <row>
219	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc">SA-14:17.kmem</link></entry>
220	    <entry>8&nbsp;July&nbsp;2014</entry>
221	    <entry><para>Kernel memory disclosure in control messages
222		and SCTP notifications</para></entry>
223	  </row>
224	</tbody>
225      </tgroup>
226    </informaltable>
227  </sect1>
228
229  <sect1 xml:id="open-issues">
230    <title>Open Issues</title>
231
232    <itemizedlist>
233      <listitem>
234	<para>&os;/&arch.i386; &release.prev; running as a guest
235	  operating system on <application>VirtualBox</application>
236	  can have a problem with disk I/O access.  It depends on some
237	  specific hardware configuration and does not depend on a
238	  specific version of <application>VirtualBox</application> or
239	  host operating system.</para>
240
241	<para>It causes various errors and makes &os; quite unstable.
242	  Although the cause is still unclear, disabling unmapped I/O
243	  works as a workaround.  To disable it, choose <literal>Escape to
244	    loader prompt</literal> in the boot menu and enter the following
245	  lines from &man.loader.8; prompt, after
246	  an <literal>OK</literal>:</para>
247
248	<screen>set vfs.unmapped_buf_allowed=0
249boot</screen>
250
251	<para>Note that the following line has to be added to
252	  <filename>/boot/loader.conf</filename> after a boot.
253          It disables unmapped I/O at every boot:</para>
254
255	<programlisting>vfs.unmapped_buf_allowed=0</programlisting>
256
257	<para>[2014-04-03 update]  It has been reported that
258	  instability may be present on virtual machines running
259	  on other hypervisors, such as Xen or KVM.</para>
260      </listitem>
261
262      <listitem>
263	<para>A bug in <application>Heimdal</application> (an
264	  implementation of <application>Kerberos</application>
265	  authentication in &os; base system) has been fixed.  It
266	  could cause an interoperability issue between
267	  <application>Heimdal</application> and the other
268	  implementations including <application>MIT
269	  Kerberos</application>.  However, due to this fix,
270	  <application>Heimdal</application> and some applications
271	  which depend on it in the previous &os; releases do not work
272	  with one in &release.prev; in certain cases.  Errata Notice
273	  for the supported releases to fix it will be
274	  released.</para>
275      </listitem>
276
277      <listitem>
278	<para>A bug in &man.killall.1; has been discovered.  It
279	  makes <userinput>killall -INT</userinput> to deliver
280	  <literal>SIGTERM</literal> rather than the desired
281	  <literal>SIGINT</literal>, and may cause blocking
282	  behavior for scripts that uses it, as <literal>-I</literal>
283	  means <quote>interactive</quote>.  A workaround of this
284	  would be to use <literal>-SIGINT</literal> instead.
285	  This bug has been fixed on &os;-CURRENT and will be fixed
286	  in &os; &release.current;.</para>
287      </listitem>
288
289      <listitem>
290	<para>The &man.bxe.4; driver can cause packet corruption when
291	  TSO (TCP Segmentation Offload) feature is enabled.  This
292	  feature is enabled by default and can be disabled by using a
293	  <option>-tso</option> parameter of &man.ifconfig.8;.  It can
294	  be specified in &man.rc.conf.5; like the following:</para>
295
296	<programlisting>ifconfig_bxe0="DHCP -tso"</programlisting>
297
298	<para>This bug has been fixed on &os; &release.current;.</para>
299      </listitem>
300
301      <listitem>
302	<para>Due to a minor incompatibility with &man.pkg.7; version
303	  <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate
304	  the list of available packages for installation.  This is
305	  due to the <literal>PACKAGESITE</literal> environment
306	  variable being set for backwards compatibility with older
307	  versions of &man.pkg.7;.  This affects generation of the
308	  available package list only, and does not affect the
309	  behavior when processing packages for installation.</para>
310      </listitem>
311
312      <listitem>
313	<para>A regression in &man.pw.8; does not remove a user from
314	  groups not specified in the provided group list when the
315	  <literal>-G</literal> flag is used.  This is expected to be
316	  corrected in &os;-CURRENT and &os; &release.current;.</para>
317      </listitem>
318
319      <listitem>
320	<para>&man.ipfw.8; <literal>fwd</literal> action can send
321	  packets to the correct interface with a wrong link-layer
322	  address when the route is updated.  This bug has been fixed
323	  on &os;-CURRENT and will be fixed in &os;
324	  &release.current;.</para>
325      </listitem>
326
327      <listitem>
328	<para>The &man.mount.udf.8; utility has a bug which prevents
329	  it from mounting any UDF file system.  This has been fixed
330  	  in &os;-CURRENT and &os; &release.current;.</para>
331      </listitem>
332
333      <listitem>
334	<para>Updating LSI firmware on &man.mps.4; controllers with
335	  the <application>sas2flash</application> utility may cause
336	  the system to hang, or may cause the sytem to panic.  This
337	  is fixed in the <literal>stable/10</literal> branch with
338	  revisions <literal>r262553</literal> and
339	  <literal>r262575</literal>, and will be included in
340	  &os;&nbsp;10.1-RELEASE.</para>
341      </listitem>
342    </itemizedlist>
343  </sect1>
344
345  <sect1 xml:id="late-news">
346    <title>Late-Breaking News</title>
347
348    <para>No news.</para>
349  </sect1>
350</article>
351