os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/releases/4.5R/errata.html
Bruce A. Mah caab5a4707 Regen from article.sgml 1.1.2.65.
2002-05-13 15:43:40 +00:00

338 lines
15 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>FreeBSD 4.5-RELEASE Errata</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.73 ">
<link rel="STYLESHEET" type="text/css" href="docbook.css">
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link=
"#0000FF" vlink="#840084" alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a name="AEN2">FreeBSD 4.5-RELEASE
Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002 by
The FreeBSD Documentation Project</p>
<p class="PUBDATE">$FreeBSD:
src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
1.1.2.65 2002/05/13 15:30:59 bmah Exp $<br>
</p>
<hr>
</div>
<blockquote class="ABSTRACT">
<div class="ABSTRACT">
<a name="AEN11"></a>
<p>This document lists errata items for FreeBSD
4.5-RELEASE, containing significant information
discovered after the release. This information includes
security advisories, as well as news relating to the
software or documentation that could affect its operation
or usability. An up-to-date version of this document
should always be consulted before installing this version
of FreeBSD.</p>
<p>This errata document for FreeBSD 4.5-RELEASE will be
maintained until the release of FreeBSD 4.6-RELEASE.</p>
</div>
</blockquote>
<div class="SECT1">
<hr>
<h1 class="SECT1"><a name="AEN14">1 Introduction</a></h1>
<p>This errata document contains ``late-breaking news''
about FreeBSD 4.5-RELEASE. Before installing this version,
it is important to consult this document to learn about any
post-release discoveries or problems that may already have
been found and fixed.</p>
<p>Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution)
will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the
``current errata'' for this release. These other copies of
the errata are located at <a href=
"http://www.FreeBSD.org/releases/" target=
"_top">http://www.FreeBSD.org/releases/</a>, plus any sites
which keep up-to-date mirrors of this location.</p>
<p>Source and binary snapshots of FreeBSD 4-STABLE also
contain up-to-date copies of this document (as of the time
of the snapshot).</p>
<p>For a list of all FreeBSD CERT security advisories, see
<a href="http://www.FreeBSD.org/security/" target=
"_top">http://www.FreeBSD.org/security/</a> or <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" target=
"_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>
<div class="SECT1">
<hr>
<h1 class="SECT1"><a name="AEN25">2 Security
Advisories</a></h1>
<p>A race condition existed whereby a file could be removed
between a <a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=fstatfs&sektion=2&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">fstatfs</span>(2)</span></a> call and the
point where the file is accessed, causing a kernel panic.
Only the <a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=procfs&sektion=5&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">procfs</span>(5)</span></a> filesystem was
known to be vulnerable to this attack. This bug was fixed
in FreeBSD 4.5-RELEASE, but the security advisory
describing the bug was issued after the release. For more
information, including a workaround and bug fix, see
security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc"
target="_top">FreeBSD-SA-02:09</a>.</p>
<p>An ``off-by-one'' bug has been fixed in <b class=
"APPLICATION">OpenSSH</b>'s multiplexing code. This bug
could have allowed an authenticated remote user to cause <a
href=
"http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">sshd</span>(8)</span></a> to execute
arbitrary code with superuser privileges, or allowed a
malicious SSH server to execute arbitrary code on the
client system with the privileges of the client user.
Various workarounds and bugfixes, for versions of <b class=
"APPLICATION">OpenSSH</b> in both the base system and Ports
Collection, can be found in security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
target="_top">FreeBSD-SA-02:13</a>.</p>
<p>A programming error in <b class="APPLICATION">zlib</b>
could result in attempts to free memory multiple times. The
<a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=malloc&sektion=3&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">malloc</span>(3)</span></a>/<a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=free&sektion=3&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">free</span>(3)</span></a> routines used in
FreeBSD are not vulnerable to this error, but applications
receiving specially-crafted blocks of invalid compressed
data could be made to function incorrectly or abort. This
<b class="APPLICATION">zlib</b> bug has been fixed. For a
workaround and solutions, see security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc"
target="_top">FreeBSD-SA-02:18</a>.</p>
<p>Bugs in the TCP SYN cache (``syncache'') and SYN cookie
(``syncookie'') implementations, which could cause
legitimate TCP/IP traffic to crash a machine, have been
fixed. For a workaround and patches, see security advisory
<a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc"
target="_top">FreeBSD-SA-02:20</a>.</p>
<p>A routing table memory leak, which could allow a remote
attacker to exhaust the memory of a target machine, has
been fixed. A workaround and patches can be found in
security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc"
target="_top">FreeBSD-SA-02:21</a>.</p>
<p>A bug with memory-mapped I/O, which could cause a system
crash, has been fixed. For more information about a
solution, see security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc"
target="_top">FreeBSD-SA-02:22</a>.</p>
<p>A security hole, in which SUID programs could be made to
read from or write to inappropriate files through
manipulation of their standard I/O file descriptors, has
been fixed. Information regarding a solution can be found
in security advisory <a href=
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
target="_top">FreeBSD-SA-02:23</a>.</p>
</div>
<div class="SECT1">
<hr>
<h1 class="SECT1"><a name="AEN63">3 System Update
Information</a></h1>
<p>Certain SSH clients, when attempting to connect to a
FreeBSD 4.5-RELEASE server, will unexpectedly present an <b
class="APPLICATION">S/Key</b> prompt, even if <a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">sshd</span>(8)</span></a> on the server has
not been later explicitly configured for <b class=
"APPLICATION">S/Key</b> authentication. This is due to the
default settings of clients having changed (e.g. use of SSH
protocol version 2 where it was not used before), or from a
change from the client's old default authentication
sequence. There are a number of ways to disable this
behavior:</p>
<ul>
<li>
<p>On newer <b class="APPLICATION">OpenSSH</b> clients,
add the following line to your <tt class=
"FILENAME">~/.ssh/config</tt> file:</p>
<pre class="PROGRAMLISTING">
PreferredAuthentications publickey,password,keyboard-interactive
</pre>
<br>
<br>
</li>
<li>
<p>For <b class="APPLICATION">PuTTY</b> clients, the
authentication sequence order cannot be changed, but
keyboard-interactive authentication can be disabled in
the settings.</p>
</li>
<li>
<p>To disable keyboard-interactive authentication in
the server, uncomment the following line in the <tt
class="FILENAME">/etc/ssh/sshd_config</tt> file (on the
server host):</p>
<pre class="PROGRAMLISTING">
ChallengeResponseAuthentication no
</pre>
<br>
<br>
</li>
</ul>
This problem has been corrected in FreeBSD 4.6-PRERELEASE.
<br>
<br>
<p>The release notes mentioned the new sbni device driver,
but gave an incorrect reference to the program in the
FreeBSD Ports Collection used to configure the driver. The
correct filename for the port is <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/sbniconfig/pkg-descr">
<tt class="FILENAME">sysutils/sbniconfig</tt></a>.</p>
<p>Linux emulation now requires <tt class="LITERAL">options
SYSVSEM</tt> in the kernel configuration. This dependency
was introduced into FreeBSD before 4.5-RELEASE.</p>
<p>Packages containing some optional components of <b
class="APPLICATION">KDE</b> were accidentally omitted from
the ISO images (and hence the official 4-CD set). In prior
releases, these packages could be installed using the <a
href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kde2/pkg-descr">
<tt class="FILENAME">x11/kde2</tt></a> package. These
components can either be installed using the FreeBSD Ports
Collection or by downloading the binary packages from one
of the FreeBSD FTP servers. The affected ports are: <a
href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/games/kdegames2/pkg-descr">
<tt class="FILENAME">games/kdegames2</tt></a>, <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/misc/kdeutils2/pkg-descr">
<tt class="FILENAME">misc/kdeutils2</tt></a>, <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/editors/koffice/pkg-descr">
<tt class="FILENAME">editors/koffice</tt></a>, <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/net/kdenetwork2/pkg-descr">
<tt class="FILENAME">net/kdenetwork2</tt></a>, <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/graphics/kdegraphics2/pkg-descr">
<tt class="FILENAME">graphics/kdegraphics2</tt></a>, and <a
href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/audio/kdemultimedia2/pkg-descr">
<tt class="FILENAME">audio/kdemultimedia2</tt></a>. Note
that the <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kdelibs2/pkg-descr">
<tt class="FILENAME">x11/kdelibs2</tt></a> and <a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kdebase2/pkg-descr">
<tt class="FILENAME">x11/kdebase2</tt></a> packages, which
are frequently required by these other components, <span
class="emphasis"><i class="EMPHASIS">are</i></span>
included on disk 1 of the official 4-CD set. <a name=
"AEN100" href="#FTN.AEN100">[1]</a></p>
<p>A binary package containing <b class=
"APPLICATION">Samba</b> was accidentally omitted from the
ISO images. This software can either be installed using the
<a href=
"http://www.FreeBSD.org/cgi/url.cgi?ports/net/samba/pkg-descr">
<tt class="FILENAME">net/samba</tt></a> port in the FreeBSD
Ports Collection or by downloading and installing its
binary package from one of the FreeBSD FTP servers.</p>
<p>A bug has been fixed in soft updates that can cause
occasional filesystem corruption if the system is shut down
immediately after performing heavy filesystem activities,
such as installing a new kernel or other software. The
system shutdown was unable to flush all buffers on shutdown
and would report this fact. The problem can be worked
around by running <a href=
"http://www.FreeBSD.org/cgi/man.cgi?query=sync&sektion=8&manpath=FreeBSD+4.5-stable">
<span class="CITEREFENTRY"><span class=
"REFENTRYTITLE">sync</span>(8)</span></a> a few times
before rebooting, or solved by updating to a recent FreeBSD
4.6-PRERELEASE snapshot.</p>
<p>The ciss driver was inadvertently omitted from the
FreeBSD 4.5-RELEASE <tt class="FILENAME">GENERIC</tt>
kernel, thus making it impossible (or at least very
difficult) to perform an initial install to disks attached
to this controller. This problem has been corrected in
FreeBSD 4.6-PRERELEASE.</p>
</div>
</div>
<h3 class="FOOTNOTES">Notes</h3>
<table border="0" class="FOOTNOTES" width="100%">
<tr>
<td align="LEFT" valign="TOP" width="5%"><a name=
"FTN.AEN100" href="#AEN100">[1]</a></td>
<td align="LEFT" valign="TOP" width="95%">
<p>The complete FreeBSD package collection currently
fills nine CDROMs. The official 4-CD set therefore only
contains a subset of the available packages. Several
FreeBSD vendors offer distributions that contain a more
complete set of packages; a more complete collection can
also be found on the FreeBSD FTP sites.</p>
</td>
</tr>
</table>
<hr>
<p align="center"><small>This file, and other release-related
documents, can be downloaded from <a href=
"ftp://releng4.FreeBSD.org/pub/FreeBSD/">ftp://releng4.FreeBSD.org/pub/FreeBSD/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the
<a href="http://www.FreeBSD.org/docs.html">documentation</a>
before contacting &#60;<a href=
"mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>
<p align="center"><small><small>All users of FreeBSD 4-STABLE
should subscribe to the &#60;<a href=
"mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62; mailing
list.</small></small></p>
<p align="center">For questions about this documentation,
e-mail &#60;<a href=
"mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
<br>
<br>
</body>
</html>
Reference in a new issue View git blame Copy permalink