From owner-freebsd-stable Wed Apr 11 20:33:45 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mx0.gmx.net (mx0.gmx.net [213.165.64.100])
	by hub.freebsd.org (Postfix) with SMTP id 6F42337B496
	for ; Wed, 11 Apr 2001 20:33:36 -0700 (PDT)
	(envelope-from Harald.Schmalzbauer@gmx.de)
Received: (qmail 18025 invoked by uid 0); 12 Apr 2001 03:33:35 -0000
Date: Thu, 12 Apr 2001 05:33:34 +0200 (MEST)
From: Harald Schmalzbauer
To: stable@freebsd.org
MIME-Version: 1.0
Subject: IP-Filter in release?
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0000301138@gmx.net
X-Authenticated-IP: [212.63.129.190]
Message-ID: <26505.987046414@www51.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello all,

since IP-Filter 3.4.16 has a serious security hole in its fragment state cache, I'd love to see 3.4.17 in 4.3-release. Today there was an article in a very popular German newsticker (http://www.heise.de/newsticker/data/ju-11.04.01-000/) that somebody wrote a downloadable piece of code which generates those fragmented packets, so attacking is made easy for everybody.

Right now I'm testing 3.4.17 on RC from today. I had to replace some osreldate.h with param.h, but it compiled fine and is running so far without problems. I upgraded my 4.2-stable boxes earlier and it's also running fine.

Perhaps Darren can commit it to 4.3?

Greetings,

-Harry