From owner-freebsd-questions Tue Feb 25 18:19:31 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA05473 for questions-outgoing; Tue, 25 Feb 1997 18:19:31 -0800 (PST) Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA05467 for ; Tue, 25 Feb 1997 18:19:28 -0800 (PST) Received: from localhost (dwhite@localhost) by gdi.uoregon.edu (8.8.5/8.6.12) with SMTP id SAA05837; Tue, 25 Feb 1997 18:18:43 -0800 (PST) Date: Tue, 25 Feb 1997 18:18:42 -0800 (PST) From: Doug White X-Sender: dwhite@localhost Reply-To: Doug White To: Jon Mah cc: freebsd-questions@FreeBSD.ORG Subject: Re: 2.2 security In-Reply-To: <9702252017.AA10494@hitomi.daze.club> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 25 Feb 1997, Jon Mah wrote: > Hi, just wondering if any of the recent CERT advisories ("ping of > death", talkd, and most importantly, setlocale() ) will apply to 2.2-RELEASE, > or will those all be patched up? Also, when is 2.2-RELEASE scheduled to be > available, early March? In order... 1. Ping of Death: FreeBSD is not susceptable to the Ping of Death. 2. talkd buffer overrun: The code shows that a fix was committed and is in 2.2. 3. setlocale(): Ditto. A total code comb is in progress to root out any remaining buffer overruns, anything they find may end up in 2.2. If there's anything you're specifically interested in, you can look at the source tree over the Web at http://www.freebsd.org/cgi/cvsweb.cgi. Very, very handy utility for those of us without enough diskspace to keep the whole source tree around. (thanks Mr. Fenner!!) The current target area for 2.2 is Mid-March, depending on how many more showstopping security holes we find. :) Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major