From owner-svn-doc-head@FreeBSD.ORG Tue Jan 21 07:02:45 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0342B53E; Tue, 21 Jan 2014 07:02:45 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DFBE51953; Tue, 21 Jan 2014 07:02:44 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id s0L72iXF026227; Tue, 21 Jan 2014 07:02:44 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id s0L72iTb026226; Tue, 21 Jan 2014 07:02:44 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201401210702.s0L72iTb026226@svn.freebsd.org> From: Glen Barber Date: Tue, 21 Jan 2014 07:02:44 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r43606 - head/en_US.ISO8859-1/htdocs/releases/10.0R X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 07:02:45 -0000 Author: gjb Date: Tue Jan 21 07:02:44 2014 New Revision: 43606 URL: http://svnweb.freebsd.org/changeset/doc/43606 Log: Regen after mention of capsicum enabled by default. Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/htdocs/releases/10.0R/relnotes.html Modified: head/en_US.ISO8859-1/htdocs/releases/10.0R/relnotes.html ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/10.0R/relnotes.html Tue Jan 21 00:46:03 2014 (r43605) +++ head/en_US.ISO8859-1/htdocs/releases/10.0R/relnotes.html Tue Jan 21 07:02:44 2014 (r43606) @@ -1,5 +1,5 @@ -FreeBSD 10.0-RELEASE Release Notes

FreeBSD 10.0-RELEASE Release Notes

The FreeBSD Project

Copyright © 2013-2014 The FreeBSD Documentation +FreeBSD 10.0-RELEASE Release Notes

FreeBSD 10.0-RELEASE Release Notes

The FreeBSD Project

Copyright © 2013-2014 The FreeBSD Documentation Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are @@ -52,7 +52,9 @@ advisories available from FreeBSD Security Information.

AdvisoryDateTopic
SA-13:14.openssh19 November 2013

OpenSSH AES-GCM memory corruption - vulnerability

SA-14:01.bsnmpd14 January 2014

bsnmpd remote denial of service vulnerability

SA-14:02.ntpd14 January 2014

ntpd distributed reflection Denial of Service vulnerability

SA-14:03.openssl14 January 2014

OpenSSL multiple vulnerabilities

SA-14:04.bind< /a>14 January 2014

BIND remote denial of service vulnerability

2.2. Kernel Changes

The use of unmapped VMIO buffers + vulnerability

SA-14:01.bsnmpd14 January 2014

bsnmpd remote denial of service vulnerability

SA-14:02.ntpd14 January 2014

ntpd distributed reflection Denial of Service vulnerability

SA-14:03.openssl14 January 2014

OpenSSL multiple vulnerabilities

SA-14:04.bind< /a>14 January 2014

BIND remote denial of service vulnerability

2.2. Kernel Changes

Capsicum has been enabled in the kernel by default, allowing + sandboxing of several programs that work within the + capabilities mode.

The use of unmapped VMIO buffers eliminates the need to perform TLB shootdown for mapping on buffer creation and reuse, greatly reducing the amount of IPIs for shootdown on big-SMP machines and eliminating up to 25-30%