article.xml revision 271687
1<?xml version="1.0" encoding="iso-8859-1"?> 2<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" 3 "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [ 4<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN" 5 "http://www.FreeBSD.org/release/XML/release.ent"> 6%release; 7]> 8 9<article xmlns="http://docbook.org/ns/docbook" 10 xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> 11 12 <info> 13 <title>&os; &release.prev; Errata </title> 14 15 <author><orgname>The &os; Project</orgname></author> 16 17 <pubdate>$FreeBSD: stable/10/release/doc/en_US.ISO8859-1/errata/article.xml 271687 2014-09-16 19:25:27Z gjb $</pubdate> 18 19 <copyright> 20 <year>2014</year> 21 22 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation 23 Project</holder> 24 </copyright> 25 26 <legalnotice xml:id="trademarks" role="trademarks"> 27 &tm-attrib.freebsd; 28 &tm-attrib.intel; 29 &tm-attrib.sparc; 30 &tm-attrib.general; 31 </legalnotice> 32 33 <abstract> 34 <para>This document lists errata items for &os; &release.prev;, 35 containing significant information discovered after the 36 release or too late in the release cycle to be otherwise 37 included in the release documentation. This information 38 includes security advisories, as well as news relating to the 39 software or documentation that could affect its operation or 40 usability. An up-to-date version of this document should 41 always be consulted before installing this version of 42 &os;.</para> 43 44 <para>This errata document for &os; &release.prev; will be 45 maintained until the release of &os; &release.next;.</para> 46 </abstract> 47 </info> 48 49 <sect1 xml:id="intro"> 50 <title>Introduction</title> 51 52 <para>This errata document contains <quote>late-breaking 53 news</quote> about &os; &release.prev; Before installing this 54 version, it is important to consult this document to learn about 55 any post-release discoveries or problems that may already have 56 been found and fixed.</para> 57 58 <para>Any version of this errata document actually distributed 59 with the release (for example, on a CDROM distribution) will be 60 out of date by definition, but other copies are kept updated on 61 the Internet and should be consulted as the <quote>current 62 errata</quote> for this release. These other copies of the 63 errata are located at <link 64 xlink:href="http://www.FreeBSD.org/releases/" />, plus any 65 sites which keep up-to-date mirrors of this location.</para> 66 67 <para>Source and binary snapshots of &os; &release.branch; also 68 contain up-to-date copies of this document (as of the time of 69 the snapshot).</para> 70 71 <para>For a list of all &os; CERT security advisories, see <link 72 xlink:href="http://www.FreeBSD.org/security/"/> or <link 73 xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"/>.</para> 74 </sect1> 75 76 <sect1 xml:id="security"> 77 <title>Security Advisories</title> 78 79 <informaltable frame="none" pgwide="0"> 80 <tgroup cols="3"> 81 <colspec colwidth="1*" /> 82 <colspec colwidth="1*" /> 83 <colspec colwidth="3*" /> 84 <thead> 85 <row> 86 <entry>Advisory</entry> 87 <entry>Date</entry> 88 <entry>Topic</entry> 89 </row> 90 </thead> 91 92 <tbody> 93 <row> 94 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc" 95 >SA-13:14.openssh</link></entry> 96 97 <entry>19 November 2013</entry> 98 99 <entry><para>OpenSSH AES-GCM memory corruption 100 vulnerability</para></entry> 101 </row> 102 103 <row> 104 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc" 105 >SA-14:01.bsnmpd</link></entry> 106 107 <entry>14 January 2014</entry> 108 109 <entry><para>bsnmpd remote denial of service vulnerability</para></entry> 110 </row> 111 112 <row> 113 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc" 114 >SA-14:02.ntpd</link></entry> 115 116 <entry>14 January 2014</entry> 117 118 <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry> 119 </row> 120 121 <row> 122 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc" 123 >SA-14:03.openssl</link></entry> 124 125 <entry>14 January 2014</entry> 126 127 <entry><para>OpenSSL multiple vulnerabilities</para></entry> 128 </row> 129 130 <row> 131 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" 132 >SA-14:04.bind</link></entry> 133 134 <entry>14 January 2014</entry> 135 136 <entry><para>BIND remote denial of service vulnerability</para></entry> 137 </row> 138 139 <row> 140 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc" 141 >SA-14:05.nfsserver</link></entry> 142 143 <entry>8 April 2014</entry> 144 145 <entry><para>Deadlock in the NFS server</para></entry> 146 </row> 147 148 <row> 149 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc" 150 >SA-14:06.openssl</link></entry> 151 152 <entry>8 April 2014</entry> 153 154 <entry><para>OpenSSL multiple vulnerabilities</para></entry> 155 </row> 156 157 <row> 158 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc">SA-14:07.devfs</link></entry> 159 <entry>30 April 2014</entry> 160 <entry><para>Fix devfs rules not applied by default for 161 jails</para></entry> 162 </row> 163 164 <row> 165 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc">SA-14:08.tcp</link></entry> 166 <entry>30 April 2014</entry> 167 <entry><para>Fix TCP reassembly 168 vulnerability</para></entry> 169 </row> 170 171 <row> 172 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc">SA-14:09.openssl</link></entry> 173 <entry>30 April 2014</entry> 174 <entry><para>Fix OpenSSL use-after-free 175 vulnerability</para></entry> 176 </row> 177 178 <row> 179 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc">SA-14:10.openssl</link></entry> 180 <entry>15 May 2014</entry> 181 <entry><para>Fix OpenSSL NULL pointer deference 182 vulnerability</para></entry> 183 </row> 184 185 <row> 186 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc">SA-14:11.sendmail</link></entry> 187 <entry>3 June 2014</entry> 188 <entry><para>Fix sendmail improper close-on-exec flag 189 handling</para></entry> 190 </row> 191 192 <row> 193 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc">SA-14:13.pam</link></entry> 194 <entry>3 June 2014</entry> 195 <entry><para>Fix incorrect error handling in PAM policy 196 parser</para></entry> 197 </row> 198 199 <row> 200 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc">SA-14:14.openssl</link></entry> 201 <entry>5 June 2014</entry> 202 <entry><para>Multiple vulnerabilities</para></entry> 203 </row> 204 205 <row> 206 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc">SA-14:15.iconv</link></entry> 207 <entry>24 June 2014</entry> 208 <entry><para>NULL pointer dereference and out-of-bounds 209 array access</para></entry> 210 </row> 211 212 <row> 213 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc">SA-14:16.file</link></entry> 214 <entry>24 June 2014</entry> 215 <entry><para>Multiple vulnerabilities</para></entry> 216 </row> 217 218 <row> 219 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc">SA-14:17.kmem</link></entry> 220 <entry>8 July 2014</entry> 221 <entry><para>Kernel memory disclosure in control messages 222 and SCTP notifications</para></entry> 223 </row> 224 225 <row> 226 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc">SA-14:18.openssl</link></entry> 227 <entry>9 September 2014</entry> 228 <entry><para>Multiple vulnerabilities</para></entry> 229 </row> 230 231 <row> 232 <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc">SA-14:19.tcp</link></entry> 233 <entry>16 September 2014</entry> 234 <entry><para>Denial of Service in TCP packet 235 processing.</para></entry> 236 </row> 237 </tbody> 238 </tgroup> 239 </informaltable> 240 </sect1> 241 242 <sect1 xml:id="open-issues"> 243 <title>Open Issues</title> 244 245 <itemizedlist> 246 <listitem> 247 <para>&os;/&arch.i386; &release.prev; running as a guest 248 operating system on <application>VirtualBox</application> 249 can have a problem with disk I/O access. It depends on some 250 specific hardware configuration and does not depend on a 251 specific version of <application>VirtualBox</application> or 252 host operating system.</para> 253 254 <para>It causes various errors and makes &os; quite unstable. 255 Although the cause is still unclear, disabling unmapped I/O 256 works as a workaround. To disable it, choose 257 <literal>Escape to loader prompt</literal> in the boot menu 258 and enter the following lines from &man.loader.8; prompt, 259 after an <literal>OK</literal>:</para> 260 261 <screen>set vfs.unmapped_buf_allowed=0 262boot</screen> 263 264 <para>Note that the following line has to be added to 265 <filename>/boot/loader.conf</filename> after a boot. It 266 disables unmapped I/O at every boot:</para> 267 268 <programlisting>vfs.unmapped_buf_allowed=0</programlisting> 269 270 <para>[2014-04-03 update] It has been reported that 271 instability may be present on virtual machines running 272 on other hypervisors, such as Xen or KVM.</para> 273 </listitem> 274 275 <listitem> 276 <para>A bug in <application>Heimdal</application> (an 277 implementation of <application>Kerberos</application> 278 authentication in &os; base system) has been fixed. It 279 could cause an interoperability issue between 280 <application>Heimdal</application> and the other 281 implementations including <application>MIT 282 Kerberos</application>. However, due to this fix, 283 <application>Heimdal</application> and some applications 284 which depend on it in the previous &os; releases do not work 285 with one in &release.prev; in certain cases. Errata Notice 286 for the supported releases to fix it will be 287 released.</para> 288 </listitem> 289 290 <listitem> 291 <para>A bug in &man.killall.1; has been discovered. It 292 makes <userinput>killall -INT</userinput> to deliver 293 <literal>SIGTERM</literal> rather than the desired 294 <literal>SIGINT</literal>, and may cause blocking 295 behavior for scripts that uses it, as <literal>-I</literal> 296 means <quote>interactive</quote>. A workaround of this 297 would be to use <literal>-SIGINT</literal> instead. 298 This bug has been fixed on &os;-CURRENT and will be fixed 299 in &os; &release.current;.</para> 300 </listitem> 301 302 <listitem> 303 <para>The &man.bxe.4; driver can cause packet corruption when 304 TSO (TCP Segmentation Offload) feature is enabled. This 305 feature is enabled by default and can be disabled by using a 306 <option>-tso</option> parameter of &man.ifconfig.8;. It can 307 be specified in &man.rc.conf.5; like the following:</para> 308 309 <programlisting>ifconfig_bxe0="DHCP -tso"</programlisting> 310 311 <para>This bug has been fixed on &os; 312 &release.current;.</para> 313 </listitem> 314 315 <listitem> 316 <para>Due to a minor incompatibility with &man.pkg.7; version 317 <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate 318 the list of available packages for installation. This is 319 due to the <literal>PACKAGESITE</literal> environment 320 variable being set for backwards compatibility with older 321 versions of &man.pkg.7;. This affects generation of the 322 available package list only, and does not affect the 323 behavior when processing packages for installation.</para> 324 </listitem> 325 326 <listitem> 327 <para>A regression in &man.pw.8; does not remove a user from 328 groups not specified in the provided group list when the 329 <literal>-G</literal> flag is used. This is expected to be 330 corrected in &os;-CURRENT and &os; &release.current;.</para> 331 </listitem> 332 333 <listitem> 334 <para>&man.ipfw.8; <literal>fwd</literal> action can send 335 packets to the correct interface with a wrong link-layer 336 address when the route is updated. This bug has been fixed 337 on &os;-CURRENT and will be fixed in &os; 338 &release.current;.</para> 339 </listitem> 340 341 <listitem> 342 <para>The &man.mount.udf.8; utility has a bug which prevents 343 it from mounting any UDF file system. This has been fixed 344 in &os;-CURRENT and &os; &release.current;.</para> 345 </listitem> 346 347 <listitem> 348 <para>Updating LSI firmware on &man.mps.4; controllers with 349 the <application>sas2flash</application> utility may cause 350 the system to hang, or may cause the system to panic. This 351 is fixed in the <literal>stable/10</literal> branch with 352 revisions <literal>r262553</literal> and 353 <literal>r262575</literal>, and will be included in 354 &os; 10.1-RELEASE.</para> 355 </listitem> 356 </itemizedlist> 357 </sect1> 358 359 <sect1 xml:id="late-news"> 360 <title>Late-Breaking News</title> 361 362 <para>No news.</para> 363 </sect1> 364</article> 365