article.xml revision 268439
1<?xml version="1.0" encoding="iso-8859-1"?> 2<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" 3 "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [ 4<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN" 5 "http://www.FreeBSD.org/release/XML/release.ent"> 6%release; 7]> 8 9<article xmlns="http://docbook.org/ns/docbook" 10 xmlns:xlink="http://www.w3.org/1999/xlink" 11 version="5.0"> 12 <info> 13 <title>&os; &release.prev; Errata </title> 14 15 <author><orgname>The &os; Project</orgname></author> 16 17 <pubdate>$FreeBSD: stable/10/release/doc/en_US.ISO8859-1/errata/article.xml 268439 2014-07-08 23:07:09Z gjb $</pubdate> 18 19 <copyright> 20 <year>2014</year> 21 22 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 23 </copyright> 24 25 <legalnotice xml:id="trademarks" role="trademarks"> 26 &tm-attrib.freebsd; 27 &tm-attrib.intel; 28 &tm-attrib.sparc; 29 &tm-attrib.general; 30 </legalnotice> 31 32 <abstract> 33 <para>This document lists errata items for &os; &release.prev;, 34 containing significant information discovered after the release 35 or too late in the release cycle to be otherwise included in the 36 release documentation. 37 This information includes security advisories, as well as news 38 relating to the software or documentation that could affect its 39 operation or usability. An up-to-date version of this document 40 should always be consulted before installing this version of 41 &os;.</para> 42 43 <para>This errata document for &os; &release.prev; 44 will be maintained until the release of &os; &release.next;.</para> 45 </abstract> 46 </info> 47 48 <sect1 xml:id="intro"> 49 <title>Introduction</title> 50 51 <para>This errata document contains <quote>late-breaking news</quote> 52 about &os; &release.prev; 53 Before installing this version, it is important to consult this 54 document to learn about any post-release discoveries or problems 55 that may already have been found and fixed.</para> 56 57 <para>Any version of this errata document actually distributed 58 with the release (for example, on a CDROM distribution) will be 59 out of date by definition, but other copies are kept updated on 60 the Internet and should be consulted as the <quote>current 61 errata</quote> for this release. These other copies of the 62 errata are located at 63 <link xlink:href="http://www.FreeBSD.org/releases/" />, 64 plus any sites 65 which keep up-to-date mirrors of this location.</para> 66 67 <para>Source and binary snapshots of &os; &release.branch; also 68 contain up-to-date copies of this document (as of the time of 69 the snapshot).</para> 70 71 <para>For a list of all &os; CERT security advisories, see 72 <link xlink:href="http://www.FreeBSD.org/security/" /> 73 or <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" />.</para> 74 </sect1> 75 76 <sect1 xml:id="security"> 77 <title>Security Advisories</title> 78 79 <informaltable frame="none" pgwide="0"> 80 <tgroup cols="3"> 81 <colspec colwidth="1*" /> 82 <colspec colwidth="1*" /> 83 <colspec colwidth="3*" /> 84 <thead> 85 <row> 86 <entry>Advisory</entry> 87 <entry>Date</entry> 88 <entry>Topic</entry> 89 </row> 90 </thead> 91 92 <tbody> 93 <row> 94 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc" 95 >SA-13:14.openssh</link></entry> 96 97 <entry>19 November 2013</entry> 98 99 <entry><para>OpenSSH AES-GCM memory corruption 100 vulnerability</para></entry> 101 </row> 102 103 <row> 104 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc" 105 >SA-14:01.bsnmpd</link></entry> 106 107 <entry>14 January 2014</entry> 108 109 <entry><para>bsnmpd remote denial of service vulnerability</para></entry> 110 </row> 111 112 <row> 113 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc" 114 >SA-14:02.ntpd</link></entry> 115 116 <entry>14 January 2014</entry> 117 118 <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry> 119 </row> 120 121 <row> 122 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc" 123 >SA-14:03.openssl</link></entry> 124 125 <entry>14 January 2014</entry> 126 127 <entry><para>OpenSSL multiple vulnerabilities</para></entry> 128 </row> 129 130 <row> 131 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" 132 >SA-14:04.bind</link></entry> 133 134 <entry>14 January 2014</entry> 135 136 <entry><para>BIND remote denial of service vulnerability</para></entry> 137 </row> 138 139 <row> 140 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc" 141 >SA-14:05.nfsserver</link></entry> 142 143 <entry>8 April 2014</entry> 144 145 <entry><para>Deadlock in the NFS server</para></entry> 146 </row> 147 148 <row> 149 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc" 150 >SA-14:06.openssl</link></entry> 151 152 <entry>8 April 2014</entry> 153 154 <entry><para>OpenSSL multiple vulnerabilities</para></entry> 155 </row> 156 157 <row> 158 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc">SA-14:07.devfs</link></entry> 159 <entry>30 April 2014</entry> 160 <entry><para>Fix devfs rules not applied by default for 161 jails</para></entry> 162 </row> 163 164 <row> 165 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc">SA-14:08.tcp</link></entry> 166 <entry>30 April 2014</entry> 167 <entry><para>Fix TCP reassembly 168 vulnerability</para></entry> 169 </row> 170 171 <row> 172 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc">SA-14:09.openssl</link></entry> 173 <entry>30 April 2014</entry> 174 <entry><para>Fix OpenSSL use-after-free 175 vulnerability</para></entry> 176 </row> 177 178 <row> 179 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc">SA-14:10.openssl</link></entry> 180 <entry>15 May 2014</entry> 181 <entry><para>Fix OpenSSL NULL pointer deference 182 vulnerability</para></entry> 183 </row> 184 185 <row> 186 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc">SA-14:11.sendmail</link></entry> 187 <entry>3 June 2014</entry> 188 <entry><para>Fix sendmail improper close-on-exec flag 189 handling</para></entry> 190 </row> 191 192 <row> 193 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc">SA-14:13.pam</link></entry> 194 <entry>3 June 2014</entry> 195 <entry><para>Fix incorrect error handling in PAM policy 196 parser</para></entry> 197 </row> 198 199 <row> 200 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc">SA-14:14.openssl</link></entry> 201 <entry>5 June 2014</entry> 202 <entry><para>Multiple vulnerabilities</para></entry> 203 </row> 204 205 <row> 206 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc">SA-14:15.iconv</link></entry> 207 <entry>24 June 2014</entry> 208 <entry><para>NULL pointer dereference and out-of-bounds 209 array access</para></entry> 210 </row> 211 212 <row> 213 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc">SA-14:16.file</link></entry> 214 <entry>24 June 2014</entry> 215 <entry><para>Multiple vulnerabilities</para></entry> 216 </row> 217 218 <row> 219 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc">SA-14:17.kmem</link></entry> 220 <entry>8 July 2014</entry> 221 <entry><para>Kernel memory disclosure in control messages 222 and SCTP notifications</para></entry> 223 </row> 224 </tbody> 225 </tgroup> 226 </informaltable> 227 </sect1> 228 229 <sect1 xml:id="open-issues"> 230 <title>Open Issues</title> 231 232 <itemizedlist> 233 <listitem> 234 <para>&os;/&arch.i386; &release.prev; running as a guest 235 operating system on <application>VirtualBox</application> 236 can have a problem with disk I/O access. It depends on some 237 specific hardware configuration and does not depend on a 238 specific version of <application>VirtualBox</application> or 239 host operating system.</para> 240 241 <para>It causes various errors and makes &os; quite unstable. 242 Although the cause is still unclear, disabling unmapped I/O 243 works as a workaround. To disable it, choose <literal>Escape to 244 loader prompt</literal> in the boot menu and enter the following 245 lines from &man.loader.8; prompt, after 246 an <literal>OK</literal>:</para> 247 248 <screen>set vfs.unmapped_buf_allowed=0 249boot</screen> 250 251 <para>Note that the following line has to be added to 252 <filename>/boot/loader.conf</filename> after a boot. 253 It disables unmapped I/O at every boot:</para> 254 255 <programlisting>vfs.unmapped_buf_allowed=0</programlisting> 256 257 <para>[2014-04-03 update] It has been reported that 258 instability may be present on virtual machines running 259 on other hypervisors, such as Xen or KVM.</para> 260 </listitem> 261 262 <listitem> 263 <para>A bug in <application>Heimdal</application> (an 264 implementation of <application>Kerberos</application> 265 authentication in &os; base system) has been fixed. It 266 could cause an interoperability issue between 267 <application>Heimdal</application> and the other 268 implementations including <application>MIT 269 Kerberos</application>. However, due to this fix, 270 <application>Heimdal</application> and some applications 271 which depend on it in the previous &os; releases do not work 272 with one in &release.prev; in certain cases. Errata Notice 273 for the supported releases to fix it will be 274 released.</para> 275 </listitem> 276 277 <listitem> 278 <para>A bug in &man.killall.1; has been discovered. It 279 makes <userinput>killall -INT</userinput> to deliver 280 <literal>SIGTERM</literal> rather than the desired 281 <literal>SIGINT</literal>, and may cause blocking 282 behavior for scripts that uses it, as <literal>-I</literal> 283 means <quote>interactive</quote>. A workaround of this 284 would be to use <literal>-SIGINT</literal> instead. 285 This bug has been fixed on &os;-CURRENT and will be fixed 286 in &os; &release.current;.</para> 287 </listitem> 288 289 <listitem> 290 <para>The &man.bxe.4; driver can cause packet corruption when 291 TSO (TCP Segmentation Offload) feature is enabled. This 292 feature is enabled by default and can be disabled by using a 293 <option>-tso</option> parameter of &man.ifconfig.8;. It can 294 be specified in &man.rc.conf.5; like the following:</para> 295 296 <programlisting>ifconfig_bxe0="DHCP -tso"</programlisting> 297 298 <para>This bug has been fixed on &os; &release.current;.</para> 299 </listitem> 300 301 <listitem> 302 <para>Due to a minor incompatibility with &man.pkg.7; version 303 <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate 304 the list of available packages for installation. This is 305 due to the <literal>PACKAGESITE</literal> environment 306 variable being set for backwards compatibility with older 307 versions of &man.pkg.7;. This affects generation of the 308 available package list only, and does not affect the 309 behavior when processing packages for installation.</para> 310 </listitem> 311 312 <listitem> 313 <para>A regression in &man.pw.8; does not remove a user from 314 groups not specified in the provided group list when the 315 <literal>-G</literal> flag is used. This is expected to be 316 corrected in &os;-CURRENT and &os; &release.current;.</para> 317 </listitem> 318 319 <listitem> 320 <para>&man.ipfw.8; <literal>fwd</literal> action can send 321 packets to the correct interface with a wrong link-layer 322 address when the route is updated. This bug has been fixed 323 on &os;-CURRENT and will be fixed in &os; 324 &release.current;.</para> 325 </listitem> 326 327 <listitem> 328 <para>The &man.mount.udf.8; utility has a bug which prevents 329 it from mounting any UDF file system. This has been fixed 330 in &os;-CURRENT and &os; &release.current;.</para> 331 </listitem> 332 333 <listitem> 334 <para>Updating LSI firmware on &man.mps.4; controllers with 335 the <application>sas2flash</application> utility may cause 336 the system to hang, or may cause the sytem to panic. This 337 is fixed in the <literal>stable/10</literal> branch with 338 revisions <literal>r262553</literal> and 339 <literal>r262575</literal>, and will be included in 340 &os; 10.1-RELEASE.</para> 341 </listitem> 342 </itemizedlist> 343 </sect1> 344 345 <sect1 xml:id="late-news"> 346 <title>Late-Breaking News</title> 347 348 <para>No news.</para> 349 </sect1> 350</article> 351