summaryrefslogtreecommitdiffstats
path: root/release
diff options
context:
space:
mode:
Diffstat (limited to 'release')
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/article.sgml14
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/common/new.sgml14
2 files changed, 14 insertions, 14 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index c25b6ca..12a0a31 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -148,6 +148,13 @@
jail. More information can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
+ <para>A potential low-bandwidth denial-of-service attack against
+ the &os; TCP stack has been prevented by limiting the number of
+ out-of-sequence TCP segments that can be held at one time. More
+ details can be found in security advisory <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+ &merged;</para>
+
</sect2>
<sect2 id="kernel">
@@ -289,13 +296,6 @@
support for the TCP-MD5 class of security associations.
&merged;</para>
- <para>The TCP segment reassembly queue now uses the UMA kernel
- memory allocator and limits the maximum number of segments it
- will hold, thus preventing a certain class of denial of
- service attack. Its behavior is controlled by the
- <varname>net.inet.tcp.reass</varname> hierarchy of sysctl
- variables.</para>
-
</sect3>
<sect3 id="disks">
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index c25b6ca..12a0a31 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -148,6 +148,13 @@
jail. More information can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
+ <para>A potential low-bandwidth denial-of-service attack against
+ the &os; TCP stack has been prevented by limiting the number of
+ out-of-sequence TCP segments that can be held at one time. More
+ details can be found in security advisory <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+ &merged;</para>
+
</sect2>
<sect2 id="kernel">
@@ -289,13 +296,6 @@
support for the TCP-MD5 class of security associations.
&merged;</para>
- <para>The TCP segment reassembly queue now uses the UMA kernel
- memory allocator and limits the maximum number of segments it
- will hold, thus preventing a certain class of denial of
- service attack. Its behavior is controlled by the
- <varname>net.inet.tcp.reass</varname> hierarchy of sysctl
- variables.</para>
-
</sect3>
<sect3 id="disks">
OpenPOWER on IntegriCloud