FreeBSD The Power to Serve

FreeBSD 12.4-RELEASE Errata

Abstract

This document lists errata items for FreeBSD 12.4-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.

This errata document for FreeBSD 12.4-RELEASE will be maintained until the FreeBSD 12.4-RELEASE end of life.

Introduction

This errata document contains "late-breaking news" about FreeBSD 12.4-RELEASE. Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.

Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.

Source and binary snapshots of FreeBSD 12-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).

For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.

Security Advisories

Advisory Date Topic

FreeBSD-SA-23:01.geli

8 February 2023

GELI silently omits the keyfile if read from stdin

FreeBSD-SA-23:02.openssh

16 February 2023

OpenSSH pre-authentication double free

FreeBSD-SA-23:03.openssl

16 February 2023

Multiple vulnerabilities in OpenSSL

FreeBSD-SA-23:04.pam_krb5

21 June 2023

Network authentication attack via pam_krb5

FreeBSD-SA-23:05.openssh

21 June 2023

ssh-add does not honor per-hop destination constraints

FreeBSD-SA-23:06.ipv6

1 August 2023

Remote denial of service in IPv6 fragment reassembly

FreeBSD-SA-23:08.ssh

1 August 2023

Potential remote code execution via ssh-agent forwarding

FreeBSD-SA-23:09.pam_krb5

1 August 2023

Network authentication attack via pam_krb5

FreeBSD-SA-23:10.pf

6 September 2023

pf incorrectly handles multiple IPv6 fragment headers

FreeBSD-SA-23:11.wifi

6 September 2023

Wi-Fi encryption bypass

FreeBSD-SA-23:12.msdosfs

3 October 2023

msdosfs data disclosure

FreeBSD-SA-23:15.stdio

8 November 2023

libc stdio buffer overflow

FreeBSD-SA-23:17.pf

5 December 2023

TCP spoofing vulnerability in pf(4)

FreeBSD-SA-23:19.openssh

19 December 2023

Prefix Truncation Attack in the SSH protocol

Errata Notices

Errata Date Topic

FreeBSD-EN-23:01.tzdata

8 February 2023

Timezone database information update

FreeBSD-EN-23:04.ixgbe

8 February 2023

ixgbe incorrectly reports input errors for 82599ES

FreeBSD-EN-23:05.tzdata

21 June 2023

Timezone database information update

FreeBSD-EN-23:07.mpr

21 June 2023

mpr(4) may fail to initialize devices

FreeBSD-EN-23:09.freebsd-update

3 October 2023 (revised)

freebsd-update to 14.0 fails

FreeBSD-EN-23:12.freebsd-update

3 October 2023

freebsd-update to 14.0 fails

FreeBSD-EN-23:13.freebsd-update

8 November 2023

freebsd-update does not handle deep boot environments

FreeBSD-EN-23:14.regcomp

8 November 2023

Incorrect regular expression escape handling

FreeBSD-EN-23:16.openzfs

1 December 2023

OpenZFS data corruption

Open Issues

If upgrading from an earlier version of FreeBSD, sshd (from OpenSSH 9.1p1) will not accept new connections until it is restarted. After installing the new userland, either reboot (as specified in the source update procedure), or execute service sshd restart.

Late-Breaking News

No late-breaking news


Last modified on: December 20, 2023 by Philip Paeps