Hello everybody
I undersatnd that this issue doesn't affect many people even though I'd like
to know about the problem.
Is there any mailing list related to newly discovered security problems in
OpenBSD? I know only about security-announce list but as far as I know there
are only messages related to Errata patches and to be hones I haven't seen
an email from this list for really long time.
In my opinion it is very important to have information about all potentional
risks. For example this problem in PF: I have information about it only from
this mailing list and I think I was lucky that I spoted this among many
others messages and topics.
Maybe it is my fault by I'm just a human and I just do not have time to get
through all emails on many lists, search for new bugs on SecurityFocus,
Secunia and so on.
So my question is simple, is there any project which delas in all security
problems in OpenBSD? Or is it really necessary to check misc list and other
lists, many webpages every day?
Thank you
Best Regards
MK
----- Original Message -----
From: "Dries Schellekens" <[EMAIL PROTECTED]>
To: "Subcommander l0r3zz" <[EMAIL PROTECTED]>
Cc: <misc@openbsd.org>
Sent: Wednesday, February 01, 2006 9:28 AM
Subject: Re: OpenBSD PF IP Fragment Remote Denial Of Service
Subcommander l0r3zz wrote:
This came across security focus and I haven't seen it mentioned here.
THey claim 3.8 is vulnerable, anybody know anything?
This has been fixed in -current, 3.8-stable and 3.7-stable.
This crash only works if you have 'scrub fragment crop' or 'scrub fragment
drop-ovl' in your pf rules. Not a lot of people use this option so there
is no patch on errata.hml
Cheers,
Dries
