Regen from: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.67
This commit is contained in:
Ken Smith
parent
08c5705137
commit
9376a1d4b4
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=20447
1 changed files with 33 additions and 32 deletions
|
|
@ -18,8 +18,8 @@ alink="#0000FF">
|
|||
<p class="COPYRIGHT">Copyright © 2000, 2001, 2002, 2003, 2004 The FreeBSD
|
||||
Documentation Project</p>
|
||||
|
||||
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.66
|
||||
2004/03/05 04:19:06 bmah Exp $<br />
|
||||
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.67
|
||||
2004/03/30 17:43:26 kensmith Exp $<br />
|
||||
</p>
|
||||
|
||||
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
|
||||
|
|
@ -92,19 +92,19 @@ target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
|
|||
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>
|
||||
|
||||
<p>(30 Jan 2004, updated 28 Feb 2004) A bug in <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>
|
||||
causes the creation of a filesystem snapshot to reset the flags on the filesystem to
|
||||
their default values. The possible consequences depend on local usage, but can include
|
||||
disabling extended access control lists or enabling the use of setuid executables stored
|
||||
on an untrusted filesystem. This bug also affects the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=dump&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=dump&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dump</span>(8)</span></a> <var
|
||||
class="OPTION">-L</var> option, which uses <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>.
|
||||
Note that <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> is
|
||||
normally only available to the superuser and members of the <tt
|
||||
class="GROUPNAME">operator</tt> group. This bug has been fixed on the FreeBSD 5.2-RELEASE
|
||||
|
|
@ -115,7 +115,7 @@ target="_top">FreeBSD-SA-04:01</a>.</p>
|
|||
|
||||
<p>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface
|
||||
(specifically the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&sektion=2&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&sektion=2&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">shmat</span>(2)</span></a> system
|
||||
call) can cause a shared memory segment to reference unallocated kernel memory. In turn,
|
||||
this can permit a local attacker to gain unauthorized access to parts of kernel memory,
|
||||
|
|
@ -128,7 +128,7 @@ target="_top">FreeBSD-SA-04:02</a>.</p>
|
|||
|
||||
<p>(28 Feb 2004) It is possible, under some circumstances, for a processor with superuser
|
||||
privileges inside a <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a>
|
||||
environment to change its root directory to a different jail, giving it read and write
|
||||
access to the files and directories within. This vulnerability has been closed on the
|
||||
|
|
@ -146,21 +146,22 @@ href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
|
|||
target="_top">FreeBSD-SA-04:04</a> contains more details, as well as information on
|
||||
patching existing systems.</p>
|
||||
|
||||
<p>(17 Mar 2004) By performing a specially crafted SSL/TLS handshake with
|
||||
an application that uses OpenSSL a null pointer may be dereferenced. This
|
||||
may in turn cause the application to crash, resulting in a denial of service
|
||||
attack. For more information see the Security Advisory
|
||||
<a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
|
||||
target="_top">FreeBSD-SA-04:05</a> which contains more details and instructions
|
||||
on how to patch existing systems.</p>
|
||||
<p>(17 Mar 2004) By performing a specially crafted SSL/TLS handshake with an application
|
||||
that uses OpenSSL a null pointer may be dereferenced. This may in turn cause the
|
||||
application to crash, resulting in a denial of service attack. For more information see
|
||||
the Security Advisory <a
|
||||
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
|
||||
target="_top">FreeBSD-SA-04:05</a> which contains more details and instructions on how to
|
||||
patch existing systems.</p>
|
||||
|
||||
<p>(29 Mar 2004) A local attacker may take advantage of a programming error in the
|
||||
handling of certain IPv6 socket options in the
|
||||
<a href="http://www.FreeBSD.org/cgi/man.cgi?query=setsockopt&sektion=2&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">setsockopt</span>(2)</span></a> system call
|
||||
to read portions of kernel memory without proper authorization. This may result in disclosure of
|
||||
sensitive data, or potentially cause a panic. See Security Advisory
|
||||
<a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc"
|
||||
handling of certain IPv6 socket options in the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=setsockopt&sektion=2&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">setsockopt</span>(2)</span></a>
|
||||
system call to read portions of kernel memory without proper authorization. This may
|
||||
result in disclosure of sensitive data, or potentially cause a panic. See Security
|
||||
Advisory <a
|
||||
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc"
|
||||
target="_top">FreeBSD-SA-04:06</a> for a more detailed description and instructions on
|
||||
how to patch existing systems.</p>
|
||||
</div>
|
||||
|
|
@ -170,13 +171,13 @@ how to patch existing systems.</p>
|
|||
<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2>
|
||||
|
||||
<p>(9 Jan 2004) Due to a change in <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpp&sektion=1&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpp&sektion=1&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cpp</span>(1)</span></a> behavior,
|
||||
the login screen for <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=xdm&sektion=1&manpath=XFree86+4.3.0">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">xdm</span>(1)</span></a> is in
|
||||
black and white, even on systems with color displays. As a workaround, update to a newer
|
||||
version of the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=xdm&sektion=1&manpath=XFree86+4.3.0"><span
|
||||
class="CITEREFENTRY"><span class="REFENTRYTITLE">xdm</span>(1)</span></a> is in black and
|
||||
white, even on systems with color displays. As a workaround, update to a newer version of
|
||||
the <a
|
||||
href="http://www.FreeBSD.org/cgi/url.cgi?ports/x11/XFree86-4-clients/pkg-descr"><tt
|
||||
class="FILENAME">x11/XFree86-4-clients</tt></a> port/package.</p>
|
||||
|
||||
|
|
@ -187,9 +188,9 @@ class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable. These pr
|
|||
are being investigated. For problems that have not already been reported (check the
|
||||
mailing list archives <span class="emphasis"><i class="EMPHASIS">before</i></span>
|
||||
posting), sending the output of <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=dmesg&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=dmesg&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dmesg</span>(8)</span></a> and <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=acpidump&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=acpidump&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">acpidump</span>(8)</span></a> to
|
||||
the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current"
|
||||
target="_top">FreeBSD-CURRENT mailing list</a> may help diagnose the problem.</p>
|
||||
|
|
@ -218,26 +219,26 @@ the <var class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable.
|
|||
|
||||
<p>Some of these problems were addressed in FreeBSD 5.2.1-RELEASE with the import of a
|
||||
newer <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> from
|
||||
5.2-CURRENT.</p>
|
||||
|
||||
<p>(9 Jan 2004) Installing over NFS when using the install floppies requires that the <tt
|
||||
class="FILENAME">nfsclient.ko</tt> module be manually loaded from the third floppy disk.
|
||||
This can be done by following the prompts when <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a>
|
||||
launches to load a driver off of the third floppy disk.</p>
|
||||
|
||||
<p>(9 Jan 2004) The use of multiple vchans (virtual audio channels with dynamic mixing in
|
||||
software) in the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pcm&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pcm&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pcm</span>(4)</span></a> driver
|
||||
has been known to cause some instability.</p>
|
||||
|
||||
<p>(10 Jan 2004) Although APIC interrupt routing seems to work correctly on many systems,
|
||||
on some others (such as some laptops) it can cause various errors, such as <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> errors or
|
||||
hangs when starting or exiting X11. For these situations, it may be advisable to disable
|
||||
APIC routing, using the ``safe mode'' of the bootloader or the <var
|
||||
|
|
|
|||
Loading…
Reference in a new issue