Date: Fri, 5 Jun 2009 11:51:27 +0200 From: Oliver Pinter <oliver.pntr@gmail.com> To: rea-fbsd@codelabs.ru Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL DoS/PoC in milw0rm Message-ID: <6101e8c40906050251l6d744649ja6a051a807c860b8@mail.gmail.com> In-Reply-To: <Jhkbktl1PY/9FSE2gd1DnCga%2BiM@j4OYE6OL8eALCd4BvSxIfwgoxSc> References: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com> <Jhkbktl1PY/9FSE2gd1DnCga%2BiM@j4OYE6OL8eALCd4BvSxIfwgoxSc>
next in thread | previous in thread | raw e-mail | index | archive | help
thanks for the fast reply, and the patch On 6/5/09, Eygene Ryabinkin <rea-fbsd@codelabs.ru> wrote: > Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote: >> the base system contins 0.9.8e and this PoC is affected up to 0.9.8i > > There was combined PR for the ports/base system OpenSSL, > http://www.freebsd.org/cgi/query-pr.cgi?pr=134653 > > Probably more complete patch for DTLS stuff, > http://sctp.fh-muenster.de/dtls/dtls-bugs.patch > that additionally fixes MTU problems and other stuff can be integrated > to the base system as it was recently done with the security/openssl. > I am in ENOTIME now, so I'm not able to test these patches myself, sorry. > -- > Eygene > _ ___ _.--. # > \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard > / ' ` , __.--' # to read the on-line manual > )/' _/ \ `-_, / # while single-stepping the kernel. > `-'" `"\_ ,_.-;_.-\_ ', fsc/as # > _.-'_./ {_.' ; / # -- FreeBSD Developers handbook > {_.-``-' {_/ # >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6101e8c40906050251l6d744649ja6a051a807c860b8>