343 lines
		
	
	
	
		
			11 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			343 lines
		
	
	
	
		
			11 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 | |
|     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 | |
| <html xmlns="http://www.w3.org/1999/xhtml">
 | |
| <head>
 | |
| <meta name="generator" content="HTML Tidy, see www.w3.org" />
 | |
| <title>FreeBSD 4.11-RELEASE Errata</title>
 | |
| <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79" />
 | |
| <link rel="STYLESHEET" type="text/css" href="docbook.css" />
 | |
| <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 | |
| </head>
 | |
| <body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
 | |
| alink="#0000FF">
 | |
| <div class="ARTICLE">
 | |
| <div class="TITLEPAGE">
 | |
| <h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 4.11-RELEASE Errata</a></h1>
 | |
| 
 | |
| <h3 class="CORPAUTHOR">The FreeBSD Project</h3>
 | |
| 
 | |
| <p class="COPYRIGHT">Copyright © 2000, 2001, 2002, 2003, 2004, 2005 The FreeBSD
 | |
| Documentation Project</p>
 | |
| 
 | |
| <p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
 | |
| 1.1.2.136 2007/03/07 20:00:32 bmah Exp $<br />
 | |
| </p>
 | |
| 
 | |
| <div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
 | |
| <p>FreeBSD is a registered trademark of the FreeBSD Foundation.</p>
 | |
| 
 | |
| <p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
 | |
| registered trademarks of Intel Corporation or its subsidiaries in the United States and
 | |
| other countries.</p>
 | |
| 
 | |
| <p>Many of the designations used by manufacturers and sellers to distinguish their
 | |
| products are claimed as trademarks. Where those designations appear in this document, and
 | |
| the FreeBSD Project was aware of the trademark claim, the designations have been followed
 | |
| by the ``™'' or the ``®'' symbol.</p>
 | |
| </div>
 | |
| 
 | |
| <hr />
 | |
| </div>
 | |
| 
 | |
| <blockquote class="ABSTRACT">
 | |
| <div class="ABSTRACT"><a id="AEN20" name="AEN20"></a>
 | |
| <p>This document lists errata items for FreeBSD 4.11-RELEASE, containing significant
 | |
| information discovered after the release or too late in the release cycle to be otherwise
 | |
| included in the release documentation. This information includes security advisories, as
 | |
| well as news relating to the software or documentation that could affect its operation or
 | |
| usability. An up-to-date version of this document should always be consulted before
 | |
| installing this version of FreeBSD.</p>
 | |
| </div>
 | |
| </blockquote>
 | |
| 
 | |
| <div class="SECT1">
 | |
| <hr />
 | |
| <h2 class="SECT1"><a id="AEN22" name="AEN22">1 Introduction</a></h2>
 | |
| 
 | |
| <p>This errata document contains ``late-breaking news'' about FreeBSD 4.11-RELEASE.
 | |
| Before installing this version, it is important to consult this document to learn about
 | |
| any post-release discoveries or problems that may already have been found and fixed.</p>
 | |
| 
 | |
| <p>Any version of this errata document actually distributed with the release (for
 | |
| example, on a CDROM distribution) will be out of date by definition, but other copies are
 | |
| kept updated on the Internet and should be consulted as the ``current errata'' for this
 | |
| release. These other copies of the errata are located at <a
 | |
| href="http://www.FreeBSD.org/releases/"
 | |
| target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
 | |
| mirrors of this location.</p>
 | |
| 
 | |
| <p>Source and binary snapshots of FreeBSD 4-STABLE also contain up-to-date copies of this
 | |
| document (as of the time of the snapshot).</p>
 | |
| 
 | |
| <p>For a list of all FreeBSD CERT security advisories, see <a
 | |
| href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a> or <a
 | |
| href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
 | |
| target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
 | |
| 
 | |
| <div class="NOTE">
 | |
| <blockquote class="NOTE">
 | |
| <p><b>Note:</b> FreeBSD 4.11-RELEASE, as well as the FreeBSD 4-STABLE branch from which
 | |
| it comes, have reached ``End of Life'' status and are no longer supported as of 1
 | |
| February 2007. Specifically, the Security Officer Team will no longer be issuing
 | |
| advisories against FreeBSD 4-STABLE. In addition, the Ports Manager Team will no longer
 | |
| perform package builds for 4-STABLE, and building ports from source on 4-STABLE is no
 | |
| longer supported.</p>
 | |
| 
 | |
| <p>Additional information on this topic can be found in <a
 | |
| href="http://lists.freebsd.org/pipermail/freebsd-stable/2007-February/032766.html"
 | |
| target="_top">a posting</a> to the <a
 | |
| href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-stable"
 | |
| target="_top">FreeBSD-STABLE mailing list</a>.</p>
 | |
| </blockquote>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div class="SECT1">
 | |
| <hr />
 | |
| <h2 class="SECT1"><a id="AEN39" name="AEN39">2 Security Advisories</a></h2>
 | |
| 
 | |
| <p>The following security advisories pertain to FreeBSD 4.11-RELEASE. For more
 | |
| information, consult the individual advisories available from <a
 | |
| href="http://security.FreeBSD.org/advisories/"
 | |
| target="_top">http://security.FreeBSD.org/advisories/</a>.</p>
 | |
| 
 | |
| <div class="INFORMALTABLE"><a id="AEN43" name="AEN43"></a>
 | |
| <table border="0" frame="void" class="CALSTABLE">
 | |
| <col width="1*" />
 | |
| <col width="1*" />
 | |
| <col width="3*" />
 | |
| <thead>
 | |
| <tr>
 | |
| <th>Advisory</th>
 | |
| <th>Date</th>
 | |
| <th>Topic</th>
 | |
| </tr>
 | |
| </thead>
 | |
| 
 | |
| <tbody>
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:01.telnet.asc"
 | |
| target="_top">SA-05:01.telnet</a></td>
 | |
| <td>28 March 2005</td>
 | |
| <td>
 | |
| <p>telnet client buffer overflows</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:02.sendfile.asc"
 | |
| target="_top">SA-05:02.sendfile</a></td>
 | |
| <td>4 April 2005</td>
 | |
| <td>
 | |
| <p>sendfile kernel memory disclosure</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:04.ifconf.asc"
 | |
| target="_top">SA-05:04.ifconf</a></td>
 | |
| <td>15 April 2005</td>
 | |
| <td>
 | |
| <p>Kernel memory disclosure in ifconf()</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:05.cvs.asc"
 | |
| target="_top">SA-05:05.cvs</a></td>
 | |
| <td>22 April 2005</td>
 | |
| <td>
 | |
| <p>Multiple vulnerabilities in CVS</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:06.iir.asc"
 | |
| target="_top">SA-05:06.iir</a></td>
 | |
| <td>6 May 2005</td>
 | |
| <td>
 | |
| <p>Incorrect permissions on /dev/iir</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:07.ldt.asc"
 | |
| target="_top">SA-05:07.ldt</a></td>
 | |
| <td>6 May 2005</td>
 | |
| <td>
 | |
| <p>Local kernel memory disclosure in i386_get_ldt</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:08.kmem.asc"
 | |
| target="_top">SA-05:08.kmem</a></td>
 | |
| <td>6 May 2005</td>
 | |
| <td>
 | |
| <p>Local kernel memory disclosure</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:09.htt.asc"
 | |
| target="_top">SA-05:09.htt</a></td>
 | |
| <td>13 May 2005</td>
 | |
| <td>
 | |
| <p>information disclosure when using HTT</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:11.gzip.asc"
 | |
| target="_top">SA-05:11.gzip</a></td>
 | |
| <td>9 June 2005</td>
 | |
| <td>
 | |
| <p>gzip directory traversal and permission race vulnerabilities</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:14.bzip2.asc"
 | |
| target="_top">SA-05:14.bzip2</a></td>
 | |
| <td>29 June 2005</td>
 | |
| <td>
 | |
| <p>bzip2 denial of service and permission race vulnerabilities</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-05:15.tcp.asc"
 | |
| target="_top">SA-05:15.tcp</a></td>
 | |
| <td>29 June 2005</td>
 | |
| <td>
 | |
| <p>TCP connection stall denial of service</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc"
 | |
| target="_top">SA-06:16.smbfs</a></td>
 | |
| <td>31 May 2006</td>
 | |
| <td>
 | |
| <p>smbfs chroot escape</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc"
 | |
| target="_top">SA-06:17.sendmail</a></td>
 | |
| <td>14 June 2006</td>
 | |
| <td>
 | |
| <p>Incorrect multipart message handling in Sendmail</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
 | |
| target="_top">SA-06:18.ppp</a></td>
 | |
| <td>23 August 2006</td>
 | |
| <td>
 | |
| <p>Buffer overflow in <a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=sppp&sektion=4&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">sppp</span>(4)</span></a></p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc"
 | |
| target="_top">SA-06:19.openssl</a></td>
 | |
| <td>06 September 2006</td>
 | |
| <td>
 | |
| <p>Incorrect PKCS#1 v1.5 padding validation in <a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=crypto&sektion=3&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">crypto</span>(3)</span></a></p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc"
 | |
| target="_top">SA-06:21.gzip</a></td>
 | |
| <td>19 September 2006</td>
 | |
| <td>
 | |
| <p>Multiple vulnerabilities in <a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=gzip&sektion=1&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">gzip</span>(1)</span></a></p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc"
 | |
| target="_top">SA-06:22.openssh</a></td>
 | |
| <td>30 September 2006</td>
 | |
| <td>
 | |
| <p>Multiple vulnerabilities in OpenSSH</p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc"
 | |
| target="_top">SA-06:23.openssl</a></td>
 | |
| <td>28 September 2006</td>
 | |
| <td>
 | |
| <p>Multiple problems in <a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=crypto&sektion=3&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">crypto</span>(3)</span></a></p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc"
 | |
| target="_top">SA-06:25.kmem</a></td>
 | |
| <td>6 December 2006</td>
 | |
| <td>
 | |
| <p>Kernel memory disclosure in <a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=firewire&sektion=4&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">firewire</span>(4)</span></a></p>
 | |
| </td>
 | |
| </tr>
 | |
| 
 | |
| <tr>
 | |
| <td><a href="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:26.gtar.asc"
 | |
| target="_top">SA-06:26.gtar</a></td>
 | |
| <td>6 December 2006</td>
 | |
| <td>
 | |
| <p><a
 | |
| href="http://www.FreeBSD.org/cgi/man.cgi?query=gtar&sektion=1&manpath=FreeBSD+4.11-stable">
 | |
| <span class="CITEREFENTRY"><span class="REFENTRYTITLE">gtar</span>(1)</span></a> name
 | |
| mangling symlink vulnerability</p>
 | |
| </td>
 | |
| </tr>
 | |
| </tbody>
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div class="SECT1">
 | |
| <hr />
 | |
| <h2 class="SECT1"><a id="AEN192" name="AEN192">3 Late-Breaking News</a></h2>
 | |
| 
 | |
| <p>No news.</p>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <hr />
 | |
| <p align="center"><small>This file, and other release-related documents, can be
 | |
| downloaded from <a
 | |
| href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>
 | |
| 
 | |
| <p align="center"><small>For questions about FreeBSD, read the <a
 | |
| href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting <<a
 | |
| href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>>.</small></p>
 | |
| 
 | |
| <p align="center"><small><small>All users of FreeBSD 4-STABLE should subscribe to the
 | |
| <<a href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>> mailing
 | |
| list.</small></small></p>
 | |
| 
 | |
| <p align="center">For questions about this documentation, e-mail <<a
 | |
| href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>>.</p>
 | |
| 
 | |
| <br />
 | |
| <br />
 | |
| </body>
 | |
| </html>
 | |
| 
 |