diff --git a/en/releases/4.7R/errata.html b/en/releases/4.7R/errata.html index 7ec0f3c283..4e64305d75 100644 --- a/en/releases/4.7R/errata.html +++ b/en/releases/4.7R/errata.html @@ -23,7 +23,7 @@ <p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v - 1.1.2.95 2003/02/24 17:52:10 bmah Exp $<br /> + 1.1.2.96 2003/03/03 18:29:03 bmah Exp $<br /> </p> <hr /> </div> @@ -94,7 +94,7 @@ target="_top">FreeBSD-SA-02:40</a>.</p> <p>Errors in <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=smrsh&sektion=8&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=smrsh&sektion=8&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">smrsh</span>(8)</span></a>, which could allow users to circumvent restrictions on what @@ -106,7 +106,7 @@ notes.</p> <p>Buffer overflows in the DNS <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=resolver&sektion=3&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=resolver&sektion=3&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">resolver</span>(3)</span></a>, which could cause some applications to fail, have been corrected. @@ -125,7 +125,7 @@ target="_top">FreeBSD-SA-02:43</a>.</p> <p>A file descriptor leak in the <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=fpathconf&sektion=2&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=fpathconf&sektion=2&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">fpathconf</span>(2)</span></a> system call, can allow a local user to crash the system or cause a 
@@ -145,7 +145,7 @@ class="APPLICATION">OpenSSL</b>, could allow a very powerful attacker access to plaintext under certain circumstances. This problem has been corrected in FreeBSD - 4.8-PRERELEASE with an upgrade to <b + 4.8-RC with an upgrade to <b class="APPLICATION">OpenSSL</b> 0.9.7. On supported security fix branches, this problem has been corrected with the import of <b class="APPLICATION">OpenSSL</b> 0.9.6i. 
@@ -160,21 +160,34 @@ are given in security advisory <a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc" target="_top">FreeBSD-SA-03:03</a>.</p> + + <p>Due to a buffer overflow in header parsing in <b + class="APPLICATION">sendmail</b>, a remote attacker can + create a specially-crafted message that may cause <a + href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.7-stable"> + <span class="CITEREFENTRY"><span + class="REFENTRYTITLE">sendmail</span>(8)</span></a> to + execute arbitrary code with the privileges of the user + running it, typically <tt class="USERNAME">root</tt>. More + information, including pointers to patches, can be found in + security advisory <a + href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc" + target="_top">FreeBSD-SA-03:04</a>.</p> </div> <div class="SECT1"> <hr /> - <h1 class="SECT1"><a id="AEN59" name="AEN59">3 + <h1 class="SECT1"><a id="AEN66" name="AEN66">3 Late-Breaking News</a></h1> <p>Due to concerns over the licensing terms for the <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">matcd</span>(4)</span></a> driver uncovered late in FreeBSD 4.7-RELEASE's release cycle, the <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">matcd</span>(4)</span></a> driver was removed. These issues are being addressed and this driver 
@@ -182,7 +195,7 @@ <p>The <tt class="FILENAME">srelease</tt> distribution contains object files for <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a> in the <tt class="FILENAME">release/sysinstall</tt> directory. @@ -216,14 +229,14 @@ <p>The release notes for FreeBSD 4.7-RELEASE incorrectly stated that the <tt class="OPTION">-J</tt> option to <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=xargs&sektion=1&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=xargs&sektion=1&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">xargs</span>(1)</span></a> is deprecated. In fact, there are no plans to remove this option.</p> <p><a - href="http://www.FreeBSD.org/cgi/man.cgi?query=ftpd&sektion=8&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=ftpd&sektion=8&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">ftpd</span>(8)</span></a> has a bug in its virtual hosting function triggered if <tt @@ -231,11 +244,11 @@ whose IP address can resolve back to a hostname. In that case the daemon will be exiting on <tt class="LITERAL">SIGSEGV</tt> (signal 11) if started from <a - href="http://www.FreeBSD.org/cgi/man.cgi?query=inetd&sektion=8&manpath=FreeBSD+4.7-stable"> + href="http://www.FreeBSD.org/cgi/man.cgi?query=inetd&sektion=8&manpath=FreeBSD+4.7-stable"> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">inetd</span>(8)</span></a>, or may malfunction unpredictably if running stand-alone. This bug - has been fixed in FreeBSD 4.8-PRERELEASE.</p> + has been fixed in FreeBSD 4.8-RC.</p> </div> </div> <hr />
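Review bot: In every man.cgi link hunk (smrsh, resolver, fpathconf, matcd, sysinstall, xargs, ftpd, inetd), the removed and added href lines read identically as displayed, so the change is presumably only in how the & separators in the query string are encoded. Please confirm that the regenerated page emits them as &amp; inside the attribute value, since a bare & in an href is not valid markup and the two sides of this diff cannot be told apart by eye.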
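Review bot: The change from 4.8-PRERELEASE to 4.8-RC in the OpenSSL paragraph (@@ -145,7 +145,7 @@), and again in the last line of the ftpd paragraph, alters the statement of where the fix first appeared rather than just updating a label. A reader running a 4.8-PRERELEASE build can no longer tell from this text whether the fix is already present. Consider wording that keeps the earlier point, such as naming both or giving the date the fix went in.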
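Review bot: The new sendmail paragraph in the @@ -160,21 +160,34 @@ hunk does not say which branches carry the fix, unlike the OpenSSL entry in the previous hunk, which names both the release branch and the security fix branches. For an issue described as remote code execution, typically as root, one sentence on where it is corrected would save readers a trip to the advisory. The same hunk also renumbers the section anchor from AEN59 to AEN66, so existing links to errata.html#AEN59 will stop reaching "Late-Breaking News"; a stable, named id on that heading would avoid the churn each time a paragraph is added above it.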