Copyright © 2000, 2001, 2002 by The FreeBSD Documentation Project
$FreeBSD:
src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
- 1.1.2.55 2002/02/28 20:51:24 bmah Exp $
+ 1.1.2.56 2002/03/07 17:01:17 bmah Exp $
This document lists errata items for FreeBSD 4.5-RELEASE, containing significant information discovered after the release. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.
This errata document for FreeBSD 4.5-RELEASE will be maintained until the release of FreeBSD 4.6-RELEASE.
This errata document contains ``late-breaking news'' about FreeBSD 4.5-RELEASE. Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.
Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the ``current errata'' for this release. These other copies of the errata are located at http://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 4-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).
For a list of all FreeBSD CERT security advisories, see http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.
A race condition existed whereby a file could be removed between a fstatfs(2) call and the point where the file is accessed, causing a kernel panic. Only the procfs(5) filesystem was known to be vulnerable to this attack. This bug was fixed in FreeBSD 4.5-RELEASE, but the security advisory describing the bug was issued after the release. For more information, including a workaround and bug fix, see security advisory FreeBSD-SA-02:09.
+ +An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This bug + could have allowed a connecting SSH client to execute + arbitrary code with the privileges of the client user. + Various workarounds and bugfixes, for versions of OpenSSH in both the base system and Ports + Collection, can be found in security advisory FreeBSD-SA-02:13.
Certain SSH clients, when attempting to connect to a FreeBSD 4.5-RELEASE server, will unexpectedly present an S/Key prompt, even if sshd(8) on the server has not been later explicitly configured for S/Key authentication. This is due to the default settings of clients having changed (e.g. use of SSH protocol version 2 where it was not used before), or from a change from the client's old default authentication sequence. There are a number of ways to disable this behavior:
On newer OpenSSH clients, add the following line to your ~/.ssh/config file:
PreferredAuthentications publickey,password,keyboard-interactive
For PuTTY clients, the authentication sequence order cannot be changed, but keyboard-interactive authentication can be disabled in the settings.
To disable keyboard-interactive authentication in the server, uncomment the following line in the /etc/ssh/sshd_config file (on the server host):
ChallengeResponseAuthentication no
The release notes mentioned the new sbni device driver, but gave an incorrect reference to the program in the FreeBSD Ports Collection used to configure the driver. The correct filename for the port is sysutils/sbniconfig.
Linux emulation now requires options SYSVSEM in the kernel configuration. This dependency was introduced into FreeBSD before 4.5-RELEASE.
Packages containing some optional components of KDE were accidentally omitted from the ISO images (and hence the official 4-CD set). In prior releases, these packages could be installed using the x11/kde2 package. These components can either be installed using the FreeBSD Ports Collection or by downloading the binary packages from one of the FreeBSD FTP servers. The affected ports are: games/kdegames2, misc/kdeutils2, editors/koffice, net/kdenetwork2, graphics/kdegraphics2, and audio/kdemultimedia2. Note that the x11/kdelibs2 and x11/kdebase2 packages, which are frequently required by these other components, are included on disk 1 of the official 4-CD set. [1]
+ "AEN77" href="#FTN.AEN77">[1]A binary package containing Samba was accidentally omitted from the ISO images. This software can either be installed using the net/samba port in the FreeBSD Ports Collection or by downloading and installing its binary package from one of the FreeBSD FTP servers.
A bug has been fixed in soft updates that can cause occasional filesystem corruption if the system is shut down immediately after performing heavy filesystem activities, such as installing a new kernel or other software. The system shutdown was unable to flush all buffers on shutdown and would report this fact. The problem can be worked around by running sync(8) a few times before rebooting, or solved by updating to a recent FreeBSD 4.5-STABLE snapshot.
| [1] | + "FTN.AEN77" href="#AEN77">[1]
The complete FreeBSD package collection currently fills nine CDROMs. The official 4-CD set therefore only contains a subset of the available packages. Several FreeBSD vendors offer distributions that contain a more complete set of packages; a more complete collection can also be found on the FreeBSD FTP sites. |
This file, and other release-related documents, can be downloaded from ftp://releng4.FreeBSD.org/pub/FreeBSD/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
All users of FreeBSD 4-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.