From owner-freebsd-security@freebsd.org Wed Aug 15 14:26:11 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 42ECD1055782 for ; Wed, 15 Aug 2018 14:26:11 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Received: from mail.flex-it.com.ua (mail.flex-it.com.ua [193.239.74.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D0EA38F677 for ; Wed, 15 Aug 2018 14:26:10 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Received: from mail.lissoft.com.ua ([109.237.91.29] helo=thinkpad.it-profi.org.ua) by mail.flex-it.com.ua with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91 (FreeBSD)) (envelope-from ) id 1fpwkK-000P7Q-Fj for freebsd-security@freebsd.org; Wed, 15 Aug 2018 17:26:00 +0300 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:08.tcp To: freebsd-security@freebsd.org References: <20180815054732.9D8C61C2C8@freefall.freebsd.org> From: Alexandr Krivulya Message-ID: <306fd368-1093-ace2-7075-a9c6d2bf6860@shurik.kiev.ua> Date: Wed, 15 Aug 2018 17:25:53 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: <20180815054732.9D8C61C2C8@freefall.freebsd.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-SA-Exim-Connect-IP: 109.237.91.29 X-SA-Exim-Mail-From: shuriku@shurik.kiev.ua X-SA-Exim-Scanned: No (on mail.flex-it.com.ua); SAEximRunCond expanded to false X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2018 14:26:11 -0000 Hi, freebsd-security Can CVE-2018-6922 be addressed by pf's  fragment reassemble and reassemble tcp options or can it potentially lead to memory overflow (set limit frags?) when this options enabled?