Date: Wed, 11 Apr 2001 23:06:12 -0500 From: Larry Rosenman <ler@lerctr.org> To: stable@FreeBSD.ORG Subject: Re: IP-Filter in release? Message-ID: <20010411230612.A9722@lerami.lerctr.org> In-Reply-To: <26505.987046414@www51.gmx.net>; from Harald.Schmalzbauer@gmx.de on Thu, Apr 12, 2001 at 05:33:34AM %2B0200 References: <26505.987046414@www51.gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
* Harald Schmalzbauer <Harald.Schmalzbauer@gmx.de> [010411 22:34]: > Hello all, > > since IP-Filter 3.4.16 has a serious security hole in it's fragment state > cache, I'd love to see 3.4.17 in 4.3-release. Today there was an article in a > very popular german newsticker > (http://www.heise.de/newsticker/data/ju-11.04.01-000/) that somebody wrote a downloadable peace of code which generates that > fragmented packets, so attacking is made easy to everybody. > > Right now I'm testing 3.4.17 on RC from today. I had to replace some > osreldate.h to param.h but it compiled fine and is running so far without problems. > > I upgraded my 4.2-stable boxes earlier and it's also running fine. > Perhaps Darren can commit it to 4.3? > > Greetings, Darren put a patch in for the frag-cache problem. I doubt he will do another MFC before the -RELEASE... LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010411230612.A9722>