diff options
| author | bmah <bmah@FreeBSD.org> | 2004-03-04 17:06:30 +0000 |
|---|---|---|
| committer | bmah <bmah@FreeBSD.org> | 2004-03-04 17:06:30 +0000 |
| commit | dd748ddf00a637db7ea6c2ea0444fc07687c80e2 (patch) | |
| tree | d7b7dc32074cbf4d734f044bd88ce4760f1f2297 /release | |
| parent | 88a283005e37d51865005bf239bc658ed5ae9fd6 (diff) | |
| download | FreeBSD-src-dd748ddf00a637db7ea6c2ea0444fc07687c80e2.zip FreeBSD-src-dd748ddf00a637db7ea6c2ea0444fc07687c80e2.tar.gz | |
Rewrite TCP segment reassembly note to mention SA-04:04, note MFC,
relocate to security advisory section.
Diffstat (limited to 'release')
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 14 | ||||
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 14 |
2 files changed, 14 insertions, 14 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index c25b6ca..12a0a31 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -148,6 +148,13 @@ jail. More information can be found in security advisory <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para> + <para>A potential low-bandwidth denial-of-service attack against + the &os; TCP stack has been prevented by limiting the number of + out-of-sequence TCP segments that can be held at one time. More + details can be found in security advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>. + &merged;</para> + </sect2> <sect2 id="kernel"> @@ -289,13 +296,6 @@ support for the TCP-MD5 class of security associations. &merged;</para> - <para>The TCP segment reassembly queue now uses the UMA kernel - memory allocator and limits the maximum number of segments it - will hold, thus preventing a certain class of denial of - service attack. Its behavior is controlled by the - <varname>net.inet.tcp.reass</varname> hierarchy of sysctl - variables.</para> - </sect3> <sect3 id="disks"> diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index c25b6ca..12a0a31 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -148,6 +148,13 @@ jail. More information can be found in security advisory <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para> + <para>A potential low-bandwidth denial-of-service attack against + the &os; TCP stack has been prevented by limiting the number of + out-of-sequence TCP segments that can be held at one time. More + details can be found in security advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>. + &merged;</para> + </sect2> <sect2 id="kernel"> @@ -289,13 +296,6 @@ support for the TCP-MD5 class of security associations. &merged;</para> - <para>The TCP segment reassembly queue now uses the UMA kernel - memory allocator and limits the maximum number of segments it - will hold, thus preventing a certain class of denial of - service attack. Its behavior is controlled by the - <varname>net.inet.tcp.reass</varname> hierarchy of sysctl - variables.</para> - </sect3> <sect3 id="disks"> |
