
FreeBSD 5.1-RELEASE Errata

The FreeBSD Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.54 2003/12/04 23:53:54 bmah Exp $

FreeBSD is a registered trademark of Wind River Systems, Inc. This is expected to change soon.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the ``™'' or the ``®'' symbol.


This document lists errata items for FreeBSD 5.1-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.

This errata document for FreeBSD 5.1-RELEASE will be maintained until the release of FreeBSD 5.2-RELEASE.


1 Introduction

This errata document contains ``late-breaking news'' about FreeBSD 5.1-RELEASE. Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.

Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the ``current errata'' for this release. These other copies of the errata are located at http://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.

Source and binary snapshots of FreeBSD 5-CURRENT also contain up-to-date copies of this document (as of the time of the snapshot).

For a list of all FreeBSD CERT security advisories, see http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.


2 Security Advisories

The implementation of the realpath(3) function contained a single-byte buffer overflow bug. This had various impacts, depending on the application using realpath(3) and other factors. This bug was fixed on the 5-CURRENT development branch before 5.1-RELEASE; FreeBSD 5.1-RELEASE is therefore not affected. However, this change was not noted in the release documentation. For more information, see security advisory FreeBSD-SA-03:08.

The kernel contains a bug that could allow it to attempt delivery of invalid signals, leading to a kernel panic or, under some circumstances, unauthorized modification of kernel memory. This bug has been fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. For more information, see security advisory FreeBSD-SA-03:09.

A bug in the iBCS2 emulation module could result in disclosing the contents of kernel memory. (Note that this module is not enabled in FreeBSD by default.) This bug has been fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. More information can be found in security advisory FreeBSD-SA-03:10.

OpenSSH contains a bug in its buffer management code that could potentially cause it to crash. This bug has been fixed via a vendor-supplied patch on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. For more details, refer to security advisory FreeBSD-SA-03:12.

sendmail contains a remotely-exploitable buffer overflow. This bug has been fixed via a new version import on the 5-CURRENT development branch and via a vendor-supplied patch on the 5.1-RELEASE security fix branch. More details can be found in security advisory FreeBSD-SA-03:13.

The FreeBSD ARP code contains a bug that could allow the kernel to cause resource starvation which eventually results in a system panic. This bug has been fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. More information can be found in security advisory FreeBSD-SA-03:14.

Several bugs in the OpenSSH PAM authentication code could have impacts ranging from incorrect authentication to stack corruption. These have been corrected via vendor-supplied patches; details can be found in security advisory FreeBSD-SA-03:15.

The implementations of procfs(5) and linprocfs(5) contain a bug that could result in disclosing the contents of kernel memory. This bug has been fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. More information can be found in security advisory FreeBSD-SA-03:17.

OpenSSL contains several bugs which could allow a remote attacker to crash an OpenSSL-using application or to execute arbitrary code with the privileges of the application. These bugs have been fixed via a vendor-supplied patch on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. Note that only applications that use OpenSSL's ASN.1 or X.509 handling code are affected (OpenSSH is unaffected, for example). More information can be found in security advisory FreeBSD-SA-03:18.

BIND contains the potential for a denial-of-service attack. This vulnerability has been addressed by a vendor patch on the 5.1-RELEASE security fix branch and by the import of a new version to the 5-CURRENT development branch. For more information, see FreeBSD-SA-03:19.


3 Open Issues

The RAIDframe disk driver described in raid(4) is non-functional for this release.

ACPI seems to make some i386™ machines unstable. Turning off ACPI support may help solve some of these problems; see an item in Section 4.

An integer overflow could cause kernel panics on PAE-using machines with certain memory sizes. This bug has been corrected on both the RELENG_5_1 and HEAD branches. A workaround for this problem is to remove some memory, update the system in question, and reinstall the memory.

Attempting to write to an msdosfs(5) file system that has been upgraded from read-only to read-write via mount -u will cause the system to lock up. To work around this problem, unmount the file system first, then mount it again with the appropriate options instead of using mount -u.


4 Late-Breaking News

ipfw(4) should work correctly on strict-alignment 64-bit architectures such as alpha and Sparc64®.

The release notes should have stated that the libthr library is built by default for the i386 platform.

FreeBSD 5.1-RELEASE includes some new boot loader scripts designed to make booting FreeBSD with different options easier. This may help diagnose bootstrapping problems. These scripts build on the existing Forth-based boot loader scripts (thus, /boot/loader.conf and other existing loader configuration files still apply). They are only installed by default for new binary installs on i386 machines. The new scripts present a boot-time menu that controls how FreeBSD is booted, and include options to turn off ACPI, a ``safe mode'' boot, single-user booting, and verbose booting. ``Safe mode'' booting can be particularly useful when compatibility with a system's hardware is uncertain, and sets the following kernel tunable variables:

hint.acpi.0.disabled=1 # disable ACPI (i386 only)
hw.ata.ata_dma=0       # disable IDE DMA
hw.ata.atapi_dma=0     # disable ATAPI/IDE DMA
hw.ata.wc=0            # disable IDE disk write cache
hw.eisa_slots=0        # disable probing for EISA devices

For new installs on i386 architecture machines, sysinstall(8) will try to determine if ACPI was disabled via the new boot loader scripts mentioned above, and if so, ask if this change should be made permanent.
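The following is an added example, not part of the original errata or of FreeBSD's own scripts: a POSIX shell check that reports which of the five ``safe mode'' tunables listed above have been made permanent in a loader.conf-style file. The function names loader_value and safe_mode_report are hypothetical, the sample file is constructed, and the rule that a later assignment overrides an earlier one is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit a loader.conf-style file for the safe-mode tunables.
SAFE_TUNABLES="hint.acpi.0.disabled=1 hw.ata.ata_dma=0 hw.ata.atapi_dma=0 hw.ata.wc=0 hw.eisa_slots=0"

# loader_value FILE NAME: print the last value assigned to NAME in FILE
# (assumption: a later line overrides an earlier one).
loader_value() {
    awk -v name="$2" '
        {
            sub(/#.*/, "")                      # drop comments
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)    # trim blanks
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)              # strip double quotes
            if (key == name) { last = val; found = 1 }
        }
        END { if (found) print last }
    ' "$1"
}

# safe_mode_report FILE: one line per tunable, reading
# "<name> persisted", "<name> differs (<value>)" or "<name> unset".
safe_mode_report() {
    for pair in $SAFE_TUNABLES; do
        name=${pair%%=*}
        want=${pair#*=}
        have=$(loader_value "$1" "$name")
        if [ -z "$have" ]; then
            echo "$name unset"
        elif [ "$have" = "$want" ]; then
            echo "$name persisted"
        else
            echo "$name differs ($have)"
        fi
    done
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
hint.acpi.0.disabled="1"   # made permanent after a safe-mode boot
hw.ata.wc="0"
hw.ata.wc="1"              # later line overrides the one above
#hw.ata.ata_dma="0"
EOF
safe_mode_report "$sample"
```

On a real system the file argument would be /boot/loader.conf or another loader configuration file in use.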

The release notes should have mentioned that work on the following features was sponsored by the Defense Advanced Research Projects Agency (DARPA): OpenPAM, NSS support, PAE support, various MAC framework updates, the GEOM disk geometry system.


This file, and other release-related documents, can be downloaded from http://snapshots.jp.FreeBSD.org/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.

All users of FreeBSD 5-CURRENT should subscribe to the <current@FreeBSD.org> mailing list.

For questions about this documentation, e-mail <doc@FreeBSD.org>.