Uwe Doering wrote:
Richard Coleman wrote:

Any information on when (or if) the following timestamp vulnerability will be fixed for 4.X? Any information would be appreciated.

http://www.kb.cert.org/vuls/id/637934


FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS version header, of course):

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u

After verifying its semantic correctness for RELENG_4 we've been running the patch for a couple of weeks now with no ill effects.

I'm posting this also as an encouragement for committers to go ahead and do the MFC. It's low hanging fruit.

   Uwe

We tried applying that diff to 4.10, but compilation failed with

tcp_input.o: In function 'tcp_dooptions':
tcp_input.o(.text+0x21d8): undefined reference to 'TSTMP_GT'

Did you just define that macro?  Or was something else required?

Thanks for the help.

Richard Coleman
[EMAIL PROTECTED]
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
