--- title: "FreeBSD 4.3 Errata Notes" sidenav: download --- include::shared/en/urls.adoc[] = FreeBSD 4.3 Errata Notes .... If you read no other documentation before installing this version of FreeBSD, you should at least by all means *READ THE ERRATA* for this release so that you don't stumble over problems which have already been found and fixed. This ERRATA.TXT file is obviously already out of date by definition, but other copies are kept updated on the net and should be consulted as the "current errata" for your release. These other copies of the errata are located at: 1. http://www.FreeBSD.org/releases/ 2. ftp://ftp.FreeBSD.org/pub/FreeBSD/releases//ERRATA.TXT (and any sites which keep up-to-date mirrors of this location). Any changes to this file are also automatically emailed to: freebsd-current@FreeBSD.org For all FreeBSD security advisories, see: http://www.FreeBSD.org/security/ for the latest security incident information. ---- Security Advisories: The vulnerability documented in security advisory FreeBSD-SA-01:39 was fixed in FreeBSD 4.3-RELEASE. The release notes mentioned the fix, but made no mention of the security advisory. A vulnerability in the fts(3) routines (used by applications for recursively traversing a filesystem) could allow a program to operate on files outside the intended directory hierarchy. This bug, as well as a fix, is described in security advisory FreeBSD-SA-01:40. A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This allowed an attacker to execute arbitrary code in the context of a setuid binary. More details, as well as a fix, are described in security advisory FreeBSD-SA-01:42. A remote buffer overflow in tcpdump(1) could be triggered by sending certain packets at a target machine. More details, as well as a fix, can be found in security advisory FreeBSD-SA-01:48. A remote buffer overflow in telnetd(8) could result in arbitrary code running on a target machine. More details, as well as a fix, can be found in security advisory FreeBSD-SA-01:49. A vulnerability whereby a remote attacker could exhaust a target's pool of network buffers has been closed. More details, as well as a fix, can be found in security advisory FreeBSD-SA-01:52. A flaw existed in ipfw(8), in which ``me'' filter rules would match the remote IP address of a point-to-point interface in addition to the intended local IP address. More details, as well as a fix, can be found in security advisory FreeBSD-SA-01:53. A vulnerability in procfs(5) could allow a process to read sensitive information from another process's memory space. For more details, as well as information on patches, see security advisory FreeBSD-SA-01:55. PARANOID hostname checking in tcp_wrappers did not work correctly. For more details and information on patches, see security advisory FreeBSD-SA-01:56. sendmail(8) has a local root vulnerability. For more details and patch information, see security advisory FreeBSD-SA-01:57. lpd(8) contained a remotely-exploitable buffer overflow. For more details, and a fix for this problem, see security advisory FreeBSD-SA-01:58. rmuser(8) had a race condition that briefly exposed a world-readable /etc/master.passwd. For more details, as well as workarounds and solutions, see security advisory FreeBSD-SA-01:59. ---- System Update Information: The release note entry for the ESS Maestro-3/Allegro sound driver gave an incorrect command for loading the driver via /boot/loader.conf. The correct command is: snd_maestro3_load="YES" ssh(1) is no longer SUID root. The primary manifestation of this change is that .shosts authentication may not work "out of the box". Both temporary and permanent fixes are described in the FAQ at: link:{faq}#SSH-SHOSTS[http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/admin.html#SSH-SHOSTS] .... link:../../[Release Home]