From owner-freebsd-stable Wed Apr 11 21: 6:30 2001 Delivered-To: freebsd-stable@freebsd.org Received: from lerami.lerctr.org (lerami.lerctr.org [207.158.72.11]) by hub.freebsd.org (Postfix) with ESMTP id 7F8BE37B496 for ; Wed, 11 Apr 2001 21:06:18 -0700 (PDT) (envelope-from ler@lerctr.org) Received: (from ler@localhost) by lerami.lerctr.org (8.12.0.Beta7/8.12.0.Beta7/20010318/$Revision: 1.21 $) id f3C46D4I009742 for stable@FreeBSD.ORG; Wed, 11 Apr 2001 23:06:13 -0500 (CDT) (envelope-from ler) Date: Wed, 11 Apr 2001 23:06:12 -0500 From: Larry Rosenman To: stable@FreeBSD.ORG Subject: Re: IP-Filter in release? Message-ID: <20010411230612.A9722@lerami.lerctr.org> References: <26505.987046414@www51.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.16i In-Reply-To: <26505.987046414@www51.gmx.net>; from Harald.Schmalzbauer@gmx.de on Thu, Apr 12, 2001 at 05:33:34AM +0200 X-Mailer: Mutt http://www.mutt.org/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Harald Schmalzbauer [010411 22:34]: > Hello all, > > since IP-Filter 3.4.16 has a serious security hole in it's fragment state > cache, I'd love to see 3.4.17 in 4.3-release. Today there was an article in a > very popular german newsticker > (http://www.heise.de/newsticker/data/ju-11.04.01-000/) that somebody wrote a downloadable peace of code which generates that > fragmented packets, so attacking is made easy to everybody. > > Right now I'm testing 3.4.17 on RC from today. I had to replace some > osreldate.h to param.h but it compiled fine and is running so far without problems. > > I upgraded my 4.2-stable boxes earlier and it's also running fine. > Perhaps Darren can commit it to 4.3? > > Greetings, Darren put a patch in for the frag-cache problem. I doubt he will do another MFC before the -RELEASE... LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message