Fix a typo: s/sytem/system/

[FreeBSD/stable/10.git] / release / doc / en_US.ISO8859-1 / errata / article.xml

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
        "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"
        "http://www.FreeBSD.org/release/XML/release.ent">
%release;
]>

<article xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         version="5.0">
  <info>
    <title>&os; &release.prev; Errata </title>

    <author><orgname>The &os; Project</orgname></author>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2014</year>

      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice xml:id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.intel;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <abstract>
      <para>This document lists errata items for &os; &release.prev;,
        containing significant information discovered after the release
        or too late in the release cycle to be otherwise included in the
        release documentation.
        This information includes security advisories, as well as news
        relating to the software or documentation that could affect its
        operation or usability.  An up-to-date version of this document
        should always be consulted before installing this version of
        &os;.</para>

      <para>This errata document for &os; &release.prev;
        will be maintained until the release of &os; &release.next;.</para>
    </abstract>
  </info>

  <sect1 xml:id="intro">
    <title>Introduction</title>

    <para>This errata document contains <quote>late-breaking news</quote>
      about &os; &release.prev;
      Before installing this version, it is important to consult this
      document to learn about any post-release discoveries or problems
      that may already have been found and fixed.</para>

    <para>Any version of this errata document actually distributed
      with the release (for example, on a CDROM distribution) will be
      out of date by definition, but other copies are kept updated on
      the Internet and should be consulted as the <quote>current
      errata</quote> for this release.  These other copies of the
      errata are located at
      <link xlink:href="http://www.FreeBSD.org/releases/" />,
      plus any sites
      which keep up-to-date mirrors of this location.</para>

    <para>Source and binary snapshots of &os; &release.branch; also
      contain up-to-date copies of this document (as of the time of
      the snapshot).</para>

    <para>For a list of all &os; CERT security advisories, see
      <link xlink:href="http://www.FreeBSD.org/security/" />
      or <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" />.</para>
  </sect1>

  <sect1 xml:id="security">
    <title>Security Advisories</title>

    <informaltable frame="none" pgwide="0">
      <tgroup cols="3">
        <colspec colwidth="1*" />
        <colspec colwidth="1*" />
        <colspec colwidth="3*" />
        <thead>
          <row>
            <entry>Advisory</entry>
            <entry>Date</entry>
            <entry>Topic</entry>
          </row>
        </thead>

        <tbody>
          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-13:14.openssh.asc"
              >SA-13:14.openssh</link></entry>

            <entry>19&nbsp;November&nbsp;2013</entry>

            <entry><para>OpenSSH AES-GCM memory corruption
                vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc"
              >SA-14:01.bsnmpd</link></entry>

            <entry>14&nbsp;January&nbsp;2014</entry>

            <entry><para>bsnmpd remote denial of service vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc"
              >SA-14:02.ntpd</link></entry>

            <entry>14&nbsp;January&nbsp;2014</entry>

            <entry><para>ntpd distributed reflection Denial of Service vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc"
              >SA-14:03.openssl</link></entry>

            <entry>14&nbsp;January&nbsp;2014</entry>

            <entry><para>OpenSSL multiple vulnerabilities</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc"
              >SA-14:04.bind</link></entry>

            <entry>14&nbsp;January&nbsp;2014</entry>

            <entry><para>BIND remote denial of service vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
              >SA-14:05.nfsserver</link></entry>

            <entry>8&nbsp;April&nbsp;2014</entry>

            <entry><para>Deadlock in the NFS server</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc"
              >SA-14:06.openssl</link></entry>

            <entry>8&nbsp;April&nbsp;2014</entry>

            <entry><para>OpenSSL multiple vulnerabilities</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc">SA-14:07.devfs</link></entry>
            <entry>30&nbsp;April&nbsp;2014</entry>
            <entry><para>Fix devfs rules not applied by default for
                jails</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc">SA-14:08.tcp</link></entry>
            <entry>30&nbsp;April&nbsp;2014</entry>
            <entry><para>Fix TCP reassembly
                vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc">SA-14:09.openssl</link></entry>
            <entry>30&nbsp;April&nbsp;2014</entry>
            <entry><para>Fix OpenSSL use-after-free
                vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc">SA-14:10.openssl</link></entry>
            <entry>15&nbsp;May&nbsp;2014</entry>
            <entry><para>Fix OpenSSL NULL pointer deference
                vulnerability</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc">SA-14:11.sendmail</link></entry>
            <entry>3&nbsp;June&nbsp;2014</entry>
            <entry><para>Fix sendmail improper close-on-exec flag
                handling</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc">SA-14:13.pam</link></entry>
            <entry>3&nbsp;June&nbsp;2014</entry>
            <entry><para>Fix incorrect error handling in PAM policy
                parser</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc">SA-14:14.openssl</link></entry>
            <entry>5&nbsp;June&nbsp;2014</entry>
            <entry><para>Multiple vulnerabilities</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc">SA-14:15.iconv</link></entry>
            <entry>24&nbsp;June&nbsp;2014</entry>
            <entry><para>NULL pointer dereference and out-of-bounds
                array access</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc">SA-14:16.file</link></entry>
            <entry>24&nbsp;June&nbsp;2014</entry>
            <entry><para>Multiple vulnerabilities</para></entry>
          </row>

          <row>
            <entry><link xlink:href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc">SA-14:17.kmem</link></entry>
            <entry>8&nbsp;July&nbsp;2014</entry>
            <entry><para>Kernel memory disclosure in control messages
                and SCTP notifications</para></entry>
          </row>
        </tbody>
      </tgroup>
    </informaltable>
  </sect1>

  <sect1 xml:id="open-issues">
    <title>Open Issues</title>

    <itemizedlist>
      <listitem>
        <para>&os;/&arch.i386; &release.prev; running as a guest
          operating system on <application>VirtualBox</application>
          can have a problem with disk I/O access.  It depends on some
          specific hardware configuration and does not depend on a
          specific version of <application>VirtualBox</application> or
          host operating system.</para>

        <para>It causes various errors and makes &os; quite unstable.
          Although the cause is still unclear, disabling unmapped I/O
          works as a workaround.  To disable it, choose <literal>Escape to
            loader prompt</literal> in the boot menu and enter the following
          lines from &man.loader.8; prompt, after
          an <literal>OK</literal>:</para>

        <screen>set vfs.unmapped_buf_allowed=0
boot</screen>

        <para>Note that the following line has to be added to
          <filename>/boot/loader.conf</filename> after a boot.
          It disables unmapped I/O at every boot:</para>

        <programlisting>vfs.unmapped_buf_allowed=0</programlisting>

        <para>[2014-04-03 update]  It has been reported that
          instability may be present on virtual machines running
          on other hypervisors, such as Xen or KVM.</para>
      </listitem>

      <listitem>
        <para>A bug in <application>Heimdal</application> (an
          implementation of <application>Kerberos</application>
          authentication in &os; base system) has been fixed.  It
          could cause an interoperability issue between
          <application>Heimdal</application> and the other
          implementations including <application>MIT
          Kerberos</application>.  However, due to this fix,
          <application>Heimdal</application> and some applications
          which depend on it in the previous &os; releases do not work
          with one in &release.prev; in certain cases.  Errata Notice
          for the supported releases to fix it will be
          released.</para>
      </listitem>

      <listitem>
        <para>A bug in &man.killall.1; has been discovered.  It
          makes <userinput>killall -INT</userinput> to deliver
          <literal>SIGTERM</literal> rather than the desired
          <literal>SIGINT</literal>, and may cause blocking
          behavior for scripts that uses it, as <literal>-I</literal>
          means <quote>interactive</quote>.  A workaround of this
          would be to use <literal>-SIGINT</literal> instead.
          This bug has been fixed on &os;-CURRENT and will be fixed
          in &os; &release.current;.</para>
      </listitem>

      <listitem>
        <para>The &man.bxe.4; driver can cause packet corruption when
          TSO (TCP Segmentation Offload) feature is enabled.  This
          feature is enabled by default and can be disabled by using a
          <option>-tso</option> parameter of &man.ifconfig.8;.  It can
          be specified in &man.rc.conf.5; like the following:</para>

        <programlisting>ifconfig_bxe0="DHCP -tso"</programlisting>

        <para>This bug has been fixed on &os; &release.current;.</para>
      </listitem>

      <listitem>
        <para>Due to a minor incompatibility with &man.pkg.7; version
          <literal>1.2.x</literal>, &man.bsdconfig.8; will duplicate
          the list of available packages for installation.  This is
          due to the <literal>PACKAGESITE</literal> environment
          variable being set for backwards compatibility with older
          versions of &man.pkg.7;.  This affects generation of the
          available package list only, and does not affect the
          behavior when processing packages for installation.</para>
      </listitem>

      <listitem>
        <para>A regression in &man.pw.8; does not remove a user from
          groups not specified in the provided group list when the
          <literal>-G</literal> flag is used.  This is expected to be
          corrected in &os;-CURRENT and &os; &release.current;.</para>
      </listitem>

      <listitem>
        <para>&man.ipfw.8; <literal>fwd</literal> action can send
          packets to the correct interface with a wrong link-layer
          address when the route is updated.  This bug has been fixed
          on &os;-CURRENT and will be fixed in &os;
          &release.current;.</para>
      </listitem>

      <listitem>
        <para>The &man.mount.udf.8; utility has a bug which prevents
          it from mounting any UDF file system.  This has been fixed
          in &os;-CURRENT and &os; &release.current;.</para>
      </listitem>

      <listitem>
        <para>Updating LSI firmware on &man.mps.4; controllers with
          the <application>sas2flash</application> utility may cause
          the system to hang, or may cause the system to panic.  This
          is fixed in the <literal>stable/10</literal> branch with
          revisions <literal>r262553</literal> and
          <literal>r262575</literal>, and will be included in
          &os;&nbsp;10.1-RELEASE.</para>
      </listitem>
    </itemizedlist>
  </sect1>

  <sect1 xml:id="late-news">
    <title>Late-Breaking News</title>

    <para>No news.</para>
  </sect1>
</article>