VIMAGE + pf security fix?
Loganaden Velvindron
logan at elandsys.com
Fri Nov 21 15:58:43 UTC 2014
On Fri, Nov 21, 2014 at 10:52:05AM +0000, Bjoern A. Zeeb wrote:
>
> On 21 Nov 2014, at 08:06 , Craig Rodrigues <rodrigc at FreeBSD.org> wrote:
>
> > On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues <rodrigc at freebsd.org>
> > wrote:
> >
> >> On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb <bz at freebsd.org> wrote:
> >>
> >>>
> >>> For people to use pf with VIMAGE we first MUST have the security fix
> >>> imported that I pointed out a couple of times in the past.
> >>>
> >>
> >> At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830
> >>
> >> I see the security issue mentioned, but I can't find the patch that fixes
> >> the problem.
> >> Where is the patch?
> >>
> >
> > I read this link:
> > http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-filter-local-kernel-vulnerability
> >
> > and I think this is the fix:
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=1.236&content-type=text/x-cvsweb-markup
> >
> > but I can?t even apply that patch to our pf_ioctl.c.
>
> to my best knowledge we have never pulled a fix for this in. The last ?sync? of pf was way before that vulnerability (unless I completely missed something).
I'd be interested in helping to fix this, as I depend on this.
>
> ?
> Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list