os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/releases/4.7R/errata.html
Bruce A. Mah 591abf2dc5 Regen from article.sgml 1.1.2.97.
2003-03-20 20:25:01 +00:00

284 lines
13 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 4.7-RELEASE Errata</title>
<meta name="GENERATOR"
content="Modular DocBook HTML Stylesheet Version 1.73 " />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000"
link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD
4.7-RELEASE Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002,
2003 by The FreeBSD Documentation Project</p>
<p class="PUBDATE">$FreeBSD:
src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
1.1.2.97 2003/03/20 20:03:52 bmah Exp $<br />
</p>
<hr />
</div>
<blockquote class="ABSTRACT">
<div class="ABSTRACT">
<a id="AEN12" name="AEN12"></a>
<p>This document lists errata items for FreeBSD
4.7-RELEASE, containing significant information
discovered after the release. This information includes
security advisories, as well as news relating to the
software or documentation that could affect its operation
or usability. An up-to-date version of this document
should always be consulted before installing this version
of FreeBSD.</p>
<p>This errata document for FreeBSD 4.7-RELEASE will be
maintained until the release of FreeBSD 4.8-RELEASE.</p>
</div>
</blockquote>
<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN15" name="AEN15">1
Introduction</a></h1>
<p>This errata document contains ``late-breaking news''
about FreeBSD 4.7-RELEASE. Before installing this version,
it is important to consult this document to learn about any
post-release discoveries or problems that may already have
been found and fixed.</p>
<p>Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution)
will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the
``current errata'' for this release. These other copies of
the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus
any sites which keep up-to-date mirrors of this
location.</p>
<p>Source and binary snapshots of FreeBSD 4-STABLE also
contain up-to-date copies of this document (as of the time
of the snapshot).</p>
<p>For a list of all FreeBSD CERT security advisories, see
<a href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>
<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN26" name="AEN26">2 Security
Advisories</a></h1>
<p>Buffer overflows in kadmind(8) and k5admin could
potentially cause the administrative server to execute
arbitrary code. Bugfix and workaround information can be
found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc"
target="_top">FreeBSD-SA-02:40</a>.</p>
<p>Errors in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=smrsh&sektion=8&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">smrsh</span>(8)</span></a>, which
could allow users to circumvent restrictions on what
programs can be executed, were fixed in FreeBSD
4.7-RELEASE. Because the applicable security advisory (<a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc"
target="_top">FreeBSD-SA-02:41</a>) was not issued after
the release, this fact was not included in the release
notes.</p>
<p>Buffer overflows in the DNS <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=resolver&sektion=3&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">resolver</span>(3)</span></a>, which
could cause some applications to fail, have been corrected.
This change was not mentioned in the release notes, as the
applicable security advisory (<a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc"
target="_top">FreeBSD-SA-02:42</a>) was not issued until
after the release.</p>
<p>Several vulnerabilities exist in the version of <b
class="APPLICATION">BIND</b> included with FreeBSD
4.7-RELEASE. More information, including bugfixes and
workaround suggestions, can be found in security advisory
<a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc"
target="_top">FreeBSD-SA-02:43</a>.</p>
<p>A file descriptor leak in the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=fpathconf&sektion=2&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">fpathconf</span>(2)</span></a> system
call, can allow a local user to crash the system or cause a
privilege escalation. Bugfix information can be found in
security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc"
target="_top">FreeBSD-SA-02:44</a>.</p>
<p>Remotely exploitable vulnerabilities in <b
class="APPLICATION">CVS</b> could allow an attacker to
execute arbitrary comands on a CVS server. More details can
be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc"
target="_top">FreeBSD-SA-03:01</a>.</p>
<p>A timing-based attack on <b
class="APPLICATION">OpenSSL</b>, could allow a very
powerful attacker access to plaintext under certain
circumstances. This problem has been corrected in FreeBSD
4.8-RC with an upgrade to <b
class="APPLICATION">OpenSSL</b> 0.9.7. On supported
security fix branches, this problem has been corrected with
the import of <b class="APPLICATION">OpenSSL</b> 0.9.6i.
See security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc"
target="_top">FreeBSD-SA-03:02</a> for more details.</p>
<p>It may be possible to recover the shared secret key used
by the implementation of the ``syncookies'' feature. This
reduces its effectiveness in dealing with TCP SYN flood
denial-of-service attacks. Workaround information and fixes
are given in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc"
target="_top">FreeBSD-SA-03:03</a>.</p>
<p>Due to a buffer overflow in header parsing in <b
class="APPLICATION">sendmail</b>, a remote attacker can
create a specially-crafted message that may cause <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">sendmail</span>(8)</span></a> to
execute arbitrary code with the privileges of the user
running it, typically <tt class="USERNAME">root</tt>. More
information, including pointers to patches, can be found in
security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc"
target="_top">FreeBSD-SA-03:04</a>.</p>
<p>The XDR encoder/decoder does incorrect bounds-checking,
which could allow a remote attacker to cause a
denial-of-service. For bugfix information, see security
advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc"
target="_top">FreeBSD-SA-03:05</a>.</p>
</div>
<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN68" name="AEN68">3
Late-Breaking News</a></h1>
<p>Due to concerns over the licensing terms for the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">matcd</span>(4)</span></a> driver
uncovered late in FreeBSD 4.7-RELEASE's release cycle, the
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">matcd</span>(4)</span></a> driver was
removed. These issues are being addressed and this driver
may reappear in a future release of FreeBSD.</p>
<p>The <tt class="FILENAME">srelease</tt> distribution
contains object files for <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">sysinstall</span>(8)</span></a> in
the <tt class="FILENAME">release/sysinstall</tt> directory.
These files were generated during the release building
process but, for some reason, were not removed from the
distribution files. They are harmless.</p>
<p>The <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/databases/rdfdb/pkg-descr">
<tt class="FILENAME">databases/rdfdb</tt></a> and <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/mail/ssmtp/pkg-descr">
<tt class="FILENAME">mail/ssmtp</tt></a> packages included
in the 4.7-RELEASE package set cannot be installed
correctly. A workaround is to build and install these
programs using the Ports Collection.</p>
<p>The <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnomeicu/pkg-descr">
<tt class="FILENAME">net/gnomeicu</tt></a> package included
in the 4.7-RELEASE package set may not run correctly, due
to a missing dependency on the <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnet/pkg-descr">
<tt class="FILENAME">net/gnet</tt></a> package. To work
around this problem, install <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnet/pkg-descr">
<tt class="FILENAME">net/gnet</tt></a> either from a
package or the Ports Collection, preferably before
installing <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnomeicu/pkg-descr">
<tt class="FILENAME">net/gnomeicu</tt></a>.</p>
<p>The release notes for FreeBSD 4.7-RELEASE incorrectly
stated that the <tt class="OPTION">-J</tt> option to <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=xargs&sektion=1&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">xargs</span>(1)</span></a> is
deprecated. In fact, there are no plans to remove this
option.</p>
<p><a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ftpd&sektion=8&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ftpd</span>(8)</span></a> has a bug
in its virtual hosting function triggered if <tt
class="FILENAME">/etc/ftphosts</tt> defines a virtual host
whose IP address can resolve back to a hostname. In that
case the daemon will be exiting on <tt
class="LITERAL">SIGSEGV</tt> (signal 11) if started from <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=inetd&sektion=8&manpath=FreeBSD+4.7-stable">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">inetd</span>(8)</span></a>, or may
malfunction unpredictably if running stand-alone. This bug
has been fixed in FreeBSD 4.8-RC.</p>
</div>
</div>
<hr />
<p align="center"><small>This file, and other release-related
documents, can be downloaded from <a
href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the
<a href="http://www.FreeBSD.org/docs.html">documentation</a>
before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>
<p align="center"><small><small>All users of FreeBSD 4-STABLE
should subscribe to the &#60;<a
href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62;
mailing list.</small></small></p>
<p align="center">For questions about this documentation,
e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
<br />
<br />
</body>
</html>
Reference in a new issue View git blame Copy permalink