article.xml revision 271687 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
3  "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
4<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"
5  "http://www.FreeBSD.org/release/XML/release.ent">
6%release;
7]>
8
9<article xmlns="http://docbook.org/ns/docbook"
10  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
11
12  <info>
13    <title>&os; &release.prev; Errata </title>
14
15    <author><orgname>The &os; Project</orgname></author>
16
17    <pubdate>$FreeBSD: stable/10/release/doc/en_US.ISO8859-1/errata/article.xml 271687 2014-09-16 19:25:27Z gjb $</pubdate>
18
19    <copyright>
20      <year>2014</year>
21
22      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation
23	Project</holder>
24    </copyright>
25
26    <legalnotice xml:id="trademarks" role="trademarks">
27      &tm-attrib.freebsd;
28      &tm-attrib.intel;
29      &tm-attrib.sparc;
30      &tm-attrib.general;
31    </legalnotice>
32
33    <abstract>
34      <para>This document lists errata items for &os; &release.prev;,
35	containing significant information discovered after the
36	release or too late in the release cycle to be otherwise
37	included in the release documentation.  This information
38	includes security advisories, as well as news relating to the
39	software or documentation that could affect its operation or
40	usability.  An up-to-date version of this document should
41	always be consulted before installing this version of
42	&os;.</para>
43
44      <para>This errata document for &os; &release.prev; will be
45	maintained until the release of &os; &release.next;.</para>
46    </abstract>
47  </info>
48
49  <sect1 xml:id="intro">
50    <title>Introduction</title>
51
52    <para>This errata document contains <quote>late-breaking
53	news</quote> about &os; &release.prev; Before installing this
54      version, it is important to consult this document to learn about
55      any post-release discoveries or problems that may already have
56      been found and fixed.</para>
57
58    <para>Any version of this errata document actually distributed
59      with the release (for example, on a CDROM distribution) will be
60      out of date by definition, but other copies are kept updated on
61      the Internet and should be consulted as the <quote>current
62	errata</quote> for this release.  These other copies of the
63      errata are located at <link
64	xlink:href="http://www.FreeBSD.org/releases/" />, plus any
65      sites which keep up-to-date mirrors of this location.</para>
66
67    <para>Source and binary snapshots of &os; &release.branch; also
68      contain up-to-date copies of this document (as of the time of
69      the snapshot).</para>
70
71    <para>For a list of all &os; CERT security advisories, see <link
72	xlink:href="http://www.FreeBSD.org/security/"/> or <link
73      xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"/>.</para>
74  </sect1>
75
76  <sect1 xml:id="security">
77    <title>Security Advisories</title>
78
79    <informaltable frame="none" pgwide="0">
80      <tgroup cols="3">
81	<colspec colwidth="1*" />
82	<colspec colwidth="1*" />
83	<colspec colwidth="3*" />
84	<thead>
85	  <row>
86	    <entry>Advisory</entry>
87	    <entry>Date</entry>
88	    <entry>Topic</entry>
89	  </row>
90	</thead>
91
92	<tbody>
93	  <row>
94	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc"
95	      >SA-13:14.openssh</link></entry>
96
97	    <entry>19&nbsp;November&nbsp;2013</entry>
98
99	    <entry><para>OpenSSH AES-GCM memory corruption
100		vulnerability</para></entry>
101	  </row>
102
103	  <row>
104	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc"
105	      >SA-14:01.bsnmpd</link></entry>
106
107	    <entry>14&nbsp;January&nbsp;2014</entry>
108
109	    <entry><para>bsnmpd remote denial of service vulnerability</para></entry>
110	  </row>
111
112	  <row>
113	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc"
114	      >SA-14:02.ntpd</link></entry>
115
116	    <entry>14&nbsp;January&nbsp;2014</entry>
117
118	    <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry>
119	  </row>
120
121	  <row>
122	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc"
123	      >SA-14:03.openssl</link></entry>
124
125	    <entry>14&nbsp;January&nbsp;2014</entry>
126
127	    <entry><para>OpenSSL multiple vulnerabilities</para></entry>
128	  </row>
129
130	  <row>
131	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc"
132	      >SA-14:04.bind</link></entry>
133
134	    <entry>14&nbsp;January&nbsp;2014</entry>
135
136	    <entry><para>BIND remote denial of service vulnerability</para></entry>
137	  </row>
138
139	  <row>
140	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
141	      >SA-14:05.nfsserver</link></entry>
142
143	    <entry>8&nbsp;April&nbsp;2014</entry>
144
145	    <entry><para>Deadlock in the NFS server</para></entry>
146	  </row>
147
148	  <row>
149	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc"
150	      >SA-14:06.openssl</link></entry>
151
152	    <entry>8&nbsp;April&nbsp;2014</entry>
153
154	    <entry><para>OpenSSL multiple vulnerabilities</para></entry>
155	  </row>
156
157	  <row>
158	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc">SA-14:07.devfs</link></entry>
159	    <entry>30&nbsp;April&nbsp;2014</entry>
160	    <entry><para>Fix devfs rules not applied by default for
161		jails</para></entry>
162	  </row>
163
164	  <row>
165	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc">SA-14:08.tcp</link></entry>
166	    <entry>30&nbsp;April&nbsp;2014</entry>
167	    <entry><para>Fix TCP reassembly
168		vulnerability</para></entry>
169	  </row>
170
171	  <row>
172	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc">SA-14:09.openssl</link></entry>
173	    <entry>30&nbsp;April&nbsp;2014</entry>
174	    <entry><para>Fix OpenSSL use-after-free
175		vulnerability</para></entry>
176	  </row>
177
178	  <row>
179	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc">SA-14:10.openssl</link></entry>
180	    <entry>15&nbsp;May&nbsp;2014</entry>
181	    <entry><para>Fix OpenSSL NULL pointer deference
182		vulnerability</para></entry>
183	  </row>
184
185	  <row>
186	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc">SA-14:11.sendmail</link></entry>
187	    <entry>3&nbsp;June&nbsp;2014</entry>
188	    <entry><para>Fix sendmail improper close-on-exec flag
189		handling</para></entry>
190	  </row>
191
192	  <row>
193	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc">SA-14:13.pam</link></entry>
194	    <entry>3&nbsp;June&nbsp;2014</entry>
195	    <entry><para>Fix incorrect error handling in PAM policy
196		parser</para></entry>
197	  </row>
198
199	  <row>
200	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc">SA-14:14.openssl</link></entry>
201	    <entry>5&nbsp;June&nbsp;2014</entry>
202	    <entry><para>Multiple vulnerabilities</para></entry>
203	  </row>
204
205	  <row>
206	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc">SA-14:15.iconv</link></entry>
207	    <entry>24&nbsp;June&nbsp;2014</entry>
208	    <entry><para>NULL pointer dereference and out-of-bounds
209		array access</para></entry>
210	  </row>
211
212	  <row>
213	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc">SA-14:16.file</link></entry>
214	    <entry>24&nbsp;June&nbsp;2014</entry>
215	    <entry><para>Multiple vulnerabilities</para></entry>
216	  </row>
217
218	  <row>
219	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc">SA-14:17.kmem</link></entry>
220	    <entry>8&nbsp;July&nbsp;2014</entry>
221	    <entry><para>Kernel memory disclosure in control messages
222		and SCTP notifications</para></entry>
223	  </row>
224
225	  <row>
226	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc">SA-14:18.openssl</link></entry>
227	    <entry>9&nbsp;September&nbsp;2014</entry>
228	    <entry><para>Multiple vulnerabilities</para></entry>
229	  </row>
230
231	  <row>
232	    <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc">SA-14:19.tcp</link></entry>
233	    <entry>16&nbsp;September&nbsp;2014</entry>
234	    <entry><para>Denial of Service in TCP packet
235		processing.</para></entry>
236	  </row>
237	</tbody>
238      </tgroup>
239    </informaltable>
240  </sect1>
241
242  <sect1 xml:id="open-issues">
243    <title>Open Issues</title>
244
245    <itemizedlist>
246      <listitem>
247	<para>&os;/&arch.i386; &release.prev; running as a guest
248	  operating system on <application>VirtualBox</application>
249	  can have a problem with disk I/O access.  It depends on some
250	  specific hardware configuration and does not depend on a
251	  specific version of <application>VirtualBox</application> or
252	  host operating system.</para>
253
254	<para>It causes various errors and makes &os; quite unstable.
255	  Although the cause is still unclear, disabling unmapped I/O
256	  works as a workaround.  To disable it, choose
257	  <literal>Escape to loader prompt</literal> in the boot menu
258	  and enter the following lines from &man.loader.8; prompt,
259	  after an <literal>OK</literal>:</para>
260
261	<screen>set vfs.unmapped_buf_allowed=0
262boot</screen>
263
264	<para>Note that the following line has to be added to
265	  <filename>/boot/loader.conf</filename> after a boot.  It
266	  disables unmapped I/O at every boot:</para>
267
268	<programlisting>vfs.unmapped_buf_allowed=0</programlisting>
269
270	<para>[2014-04-03 update]  It has been reported that
271	  instability may be present on virtual machines running
272	  on other hypervisors, such as Xen or KVM.</para>
273      </listitem>
274
275      <listitem>
276	<para>A bug in <application>Heimdal</application> (an
277	  implementation of <application>Kerberos</application>
278	  authentication in &os; base system) has been fixed.  It
279	  could cause an interoperability issue between
280	  <application>Heimdal</application> and the other
281	  implementations including <application>MIT
282	  Kerberos</application>.  However, due to this fix,
283	  <application>Heimdal</application> and some applications
284	  which depend on it in the previous &os; releases do not work
285	  with one in &release.prev; in certain cases.  Errata Notice
286	  for the supported releases to fix it will be
287	  released.</para>
288      </listitem>
289
290      <listitem>
291	<para>A bug in &man.killall.1; has been discovered.  It
292	  makes <userinput>killall -INT</userinput> to deliver
293	  <literal>SIGTERM</literal> rather than the desired
294	  <literal>SIGINT</literal>, and may cause blocking
295	  behavior for scripts that uses it, as <literal>-I</literal>
296	  means <quote>interactive</quote>.  A workaround of this
297	  would be to use <literal>-SIGINT</literal> instead.
298	  This bug has been fixed on &os;-CURRENT and will be fixed
299	  in &os; &release.current;.</para>
300      </listitem>
301
302      <listitem>
303	<para>The &man.bxe.4; driver can cause packet corruption when
304	  TSO (TCP Segmentation Offload) feature is enabled.  This
305	  feature is enabled by default and can be disabled by using a
306	  <option>-tso</option> parameter of &man.ifconfig.8;.  It can
307	  be specified in &man.rc.conf.5; like the following:</para>
308
309	<programlisting>ifconfig_bxe0="DHCP -tso"</programlisting>
310
311	<para>This bug has been fixed on &os;
312	  &release.current;.</para>
313      </listitem>
314
315      <listitem>
316	<para>Due to a minor incompatibility with &man.pkg.7; version
317	  <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate
318	  the list of available packages for installation.  This is
319	  due to the <literal>PACKAGESITE</literal> environment
320	  variable being set for backwards compatibility with older
321	  versions of &man.pkg.7;.  This affects generation of the
322	  available package list only, and does not affect the
323	  behavior when processing packages for installation.</para>
324      </listitem>
325
326      <listitem>
327	<para>A regression in &man.pw.8; does not remove a user from
328	  groups not specified in the provided group list when the
329	  <literal>-G</literal> flag is used.  This is expected to be
330	  corrected in &os;-CURRENT and &os; &release.current;.</para>
331      </listitem>
332
333      <listitem>
334	<para>&man.ipfw.8; <literal>fwd</literal> action can send
335	  packets to the correct interface with a wrong link-layer
336	  address when the route is updated.  This bug has been fixed
337	  on &os;-CURRENT and will be fixed in &os;
338	  &release.current;.</para>
339      </listitem>
340
341      <listitem>
342	<para>The &man.mount.udf.8; utility has a bug which prevents
343	  it from mounting any UDF file system.  This has been fixed
344	  in &os;-CURRENT and &os; &release.current;.</para>
345      </listitem>
346
347      <listitem>
348	<para>Updating LSI firmware on &man.mps.4; controllers with
349	  the <application>sas2flash</application> utility may cause
350	  the system to hang, or may cause the system to panic.  This
351	  is fixed in the <literal>stable/10</literal> branch with
352	  revisions <literal>r262553</literal> and
353	  <literal>r262575</literal>, and will be included in
354	  &os;&nbsp;10.1-RELEASE.</para>
355      </listitem>
356    </itemizedlist>
357  </sect1>
358
359  <sect1 xml:id="late-news">
360    <title>Late-Breaking News</title>
361
362    <para>No news.</para>
363  </sect1>
364</article>
365