Rewrite TCP segment reassembly note to mention SA-04:04, note MFC,

relocate to security advisory section.
2004-03-04 17:06:30 +00:00 · 2004-03-04 17:06:30 +00:00 · 9203287aef
commit 9203287aef
parent fe27a95e90
2 changed files with 14 additions and 14 deletions
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@ -148,6 +148,13 @@
      jail.  More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

+    <para>A potential low-bandwidth denial-of-service attack against
+      the &os; TCP stack has been prevented by limiting the number of
+      out-of-sequence TCP segments that can be held at one time.  More
+      details can be found in security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+      &merged;</para>
+
  </sect2>

  <sect2 id="kernel">
@ -289,13 +296,6 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>

-      <para>The TCP segment reassembly queue now uses the UMA kernel
-	memory allocator and limits the maximum number of segments it
-	will hold, thus preventing a certain class of denial of
-	service attack.  Its behavior is controlled by the
-	<varname>net.inet.tcp.reass</varname> hierarchy of sysctl
-	variables.</para>
-
    </sect3>

    <sect3 id="disks">
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@ -148,6 +148,13 @@
      jail.  More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

+    <para>A potential low-bandwidth denial-of-service attack against
+      the &os; TCP stack has been prevented by limiting the number of
+      out-of-sequence TCP segments that can be held at one time.  More
+      details can be found in security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+      &merged;</para>
+
  </sect2>

  <sect2 id="kernel">
@ -289,13 +296,6 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>

-      <para>The TCP segment reassembly queue now uses the UMA kernel
-	memory allocator and limits the maximum number of segments it
-	will hold, thus preventing a certain class of denial of
-	service attack.  Its behavior is controlled by the
-	<varname>net.inet.tcp.reass</varname> hierarchy of sysctl
-	variables.</para>
-
    </sect3>

    <sect3 id="disks">