From a864a49704fbe40529ab8fe0904f95889140f685 Mon Sep 17 00:00:00 2001 From: Hiroki Sato Date: Sun, 5 Oct 2003 17:11:16 +0000 Subject: [PATCH] Regen from article.sgml 1.1.2.112. --- en/releases/4.8R/errata.html | 119 +++++++++++++++++++++++------------ 1 file changed, 78 insertions(+), 41 deletions(-) diff --git a/en/releases/4.8R/errata.html b/en/releases/4.8R/errata.html index 7a5c5ea292..70d20a06af 100644 --- a/en/releases/4.8R/errata.html +++ b/en/releases/4.8R/errata.html @@ -4,7 +4,7 @@ FreeBSD 4.8-RELEASE Errata - +

The FreeBSD Project

-

$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v -1.1.2.111 2003/09/20 00:20:26 bmah Exp $
+1.1.2.112 2003/10/05 16:56:24 hrs Exp $


@@ -41,7 +41,7 @@ FreeBSD 4.9-RELEASE.


-

1 Introduction

+

1 Introduction

This errata document contains ``late-breaking news'' about FreeBSD 4.8-RELEASE. Before installing this version, it is important to consult this document to learn about any @@ -67,28 +67,28 @@ target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.


-

2 Security Advisories

+

2 Security Advisories

A buffer overflow in header parsing exists in older versions of sendmail. It could allow a remote attacker to create a specially-crafted message that may cause +href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.8-stable"> sendmail(8) to execute arbitrary code with the privileges of the user running it, typically root. More information, including pointers to patches, can be found in security advisory FreeBSD-SA-03:07. This problem was corrected for FreeBSD 4.8-RELEASE -with a vendor patch and was corrected for FreeBSD 4.9-PRERELEASE with the import of a new -version of sendmail. However, these changes may not otherwise -have been noted in the release documentation.

+with a vendor patch and was corrected for FreeBSD 4.9-RC with the import of a new version +of sendmail. However, these changes may not otherwise have +been noted in the release documentation.

The implementation of the +href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&sektion=3&manpath=FreeBSD+4.8-stable"> realpath(3) function contains a single-byte buffer overflow bug. This may have various impacts, depending on the application using +href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&sektion=3&manpath=FreeBSD+4.8-stable"> realpath(3) and other factors. This bug has been fixed on the 4.8-RELEASE security fix branch and the 4-STABLE development branch. For more information, see security advisory FreeBSD-SA-03:10.

A programming error in the sendmail implementation of its ``DNS maps'' feature could lead to a +href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.8-stable"> sendmail(8) child process crashing or behaving incorrectly. This error has been fixed with a patch on the 4.8-RELEASE security fix branch and with the import of a new version of FreeBSD-SA-03:13.

+ +

The FreeBSD ARP code contains a bug that could allow the kernel to cause resource +starvation which eventually results in a system panic. This bug has been fixed on the +4-STABLE development branch and the 4.8-RELEASE security fix branch. More information can +be found in security advisory FreeBSD-SA-03:14.

+ +

The implementation of the +readv(2) system +call contains a bug which could potentially cause a system crash or privilege escalation. +This bug has been fixed on the 4-STABLE development branch and the 4.8-RELEASE security +fix branch. More information can be found in security advisory FreeBSD-SA-03:16.

+ +

The implementation of the +procfs(5) and +the +linprocfs(5) +contain a bug that could result in disclosing the contents of kernel memory. This bug has +been fixed on the 4-STABLE development branch and the 4.8-RELEASE security fix branch. +More information can be found in security advisory FreeBSD-SA-03:17.

+ +

OpenSSL contains several bugs which could allow a remote +attacker to crash an OpenSSL-using application or to execute +arbitrary code with the privileges of the application. These bugs have been fixed with +the import of a new version of OpenSSL on the 4-STABLE +development branch and with a vendor-supplied patch on the 4.8-RELEASE security fix +branch. Note that only applications that use OpenSSL's ASN.1 +or X.509 handling code are affected (OpenSSH is unaffected, +for example). More information can be found in security advisory FreeBSD-SA-03:18.


-

3 Late-Breaking News

+

3 Late-Breaking News

Due to some problems discovered very late in the release cycle, the ISO images and FTP install directories for FreeBSD 4.8-RELEASE/i386 needed to be re-generated and re-uploaded to the FTP mirror sites. For reference, the final ISO images have checksums computed via -md5(1) as +href="http://www.FreeBSD.org/cgi/man.cgi?query=md5&sektion=1&manpath=FreeBSD+4.8-stable">md5(1) as follows:
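Review bot: In the added ARP paragraph, "could allow the kernel to cause resource starvation" does not say who can trigger the bug, whereas the sendmail and OpenSSL entries in the same section name a remote attacker; please state the triggering party or condition so readers can triage the entry. In the added procfs paragraph, "The implementation of the procfs(5) and the linprocfs(5) contain a bug" pairs a singular subject with a plural verb; suggest "The implementations of procfs(5) and linprocfs(5) contain a bug". The added entries also go from FreeBSD-SA-03:14 straight to FreeBSD-SA-03:16; if 03:15 is omitted on purpose, a word in the commit message would help. Since this file is regenerated, the wording changes belong in article.sgml.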

@@ -157,9 +196,9 @@ MD5 (4.8-RELEASE-i386-mini.iso) = 5f0d2576dbb56d6ec85d49ac9fa4bbf9
 
 

FreeBSD 4.8-RELEASE restores the ability to install from the installation media to a -mly(4) device. -(This capability was broken in FreeBSD 4.7-RELEASE.)

+href="http://www.FreeBSD.org/cgi/man.cgi?query=mly&sektion=4&manpath=FreeBSD+4.8-stable">mly(4) device. (This +capability was broken in FreeBSD 4.7-RELEASE.)

After installing GNOME, the default terminal font might be garbled. If this is the case, install the

Due to space limitations, the -awi(4) driver -has been removed from the kernel used on the 1.44MB kern.flp -i386 boot floppy. Because no module is available for this driver in FreeBSD 4.8-RELEASE, -this means that it is generally not possible to install FreeBSD 4.8-RELEASE over an -awi(4) -network.

+href="http://www.FreeBSD.org/cgi/man.cgi?query=awi&sektion=4&manpath=FreeBSD+4.8-stable">awi(4) driver has +been removed from the kernel used on the 1.44MB kern.flp i386 +boot floppy. Because no module is available for this driver in FreeBSD 4.8-RELEASE, this +means that it is generally not possible to install FreeBSD 4.8-RELEASE over an awi(4) network.

Due to space limitations, support for ATAPI floppy disks and the DEC AlphaServer 8200 and 8400 (``TurboLaser'') machines has been removed from the kernel used on the 1.44MB @@ -189,38 +227,38 @@ and the 4-STABLE development branch.

FreeBSD supports a hashed form of the login capabilities database, stored in /etc/login.conf.db. This is generated from the /etc/login.conf text file. If the hashed database is present, +href="http://www.FreeBSD.org/cgi/man.cgi?query=login&sektion=1&manpath=FreeBSD+4.8-stable"> login(1) will use it in preference to the contents of the text file. FreeBSD 4.8-RELEASE is the first release that actually includes /etc/login.conf.db on the distribution media; thus, users modifying /etc/login.conf need to remember to regenerate the database, using +href="http://www.FreeBSD.org/cgi/man.cgi?query=cap_mkdb&sektion=1&manpath=FreeBSD+4.8-stable"> cap_mkdb(1). Users performing source upgrades are generally not affected by this change, because +href="http://www.FreeBSD.org/cgi/man.cgi?query=mergemaster&sektion=8&manpath=FreeBSD+4.8-stable"> mergemaster(8) offers the option to regenerate /etc/login.conf.db during upgrades. +href="http://www.FreeBSD.org/cgi/man.cgi?query=login.conf&sektion=5&manpath=FreeBSD+4.8-stable"> login.conf(5) has more details on the format and usage of the login capabilities database.

A file that is a part of the multimedia/gstreamer-plugins port may appear to have a corrupted filename when the ports collection is installed using +href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.8-stable"> sysinstall(8). This should not affect building the port or installing the corresponding package. However, it is recommended to rename the file in question, to prevent problems during any future updates to the installed ports collection:

-# cd /usr/ports/multimedia/gstreamer-plugins/files
-# mv patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_i \
-patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_idct_alpha.c
+# cd /usr/ports/multimedia/gstreamer-plugins/files
+# mv patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_i \
+patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_idct_alpha.c
 

Recently the mailing lists were changed from majordomo to the currently used Mailman @@ -229,11 +267,10 @@ the FreeBSD Mai Page.

The -dc(4) driver -does not properly transmit data through Davicom DC9102 cards. This problem, which has -been present since FreeBSD 4.5-RELEASE, has been corrected for FreeBSD -4.9-PRERELEASE.

+href="http://www.FreeBSD.org/cgi/man.cgi?query=dc&sektion=4&manpath=FreeBSD+4.8-stable">dc(4) driver does not +properly transmit data through Davicom DC9102 cards. This problem, which has been present +since FreeBSD 4.5-RELEASE, has been corrected for FreeBSD 4.9-RC.
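Review bot: "has been corrected for FreeBSD 4.9-RC" in the dc(4) paragraph replaces one transient stage name (4.9-PRERELEASE) with another, so the text will be stale again as soon as the release is cut; the sendmail entry under Security Advisories has the same issue. Consider wording that stays valid across the release cycle, for example referring to FreeBSD 4.9-RELEASE as the context line near the top of the document already does, and make that change in article.sgml rather than in the generated HTML.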