Any status on timestamp vulnerability fix for 4.X?
Uwe Doering
gemini at geminix.org
Sat Jun 25 11:06:32 GMT 2005
Richard Coleman wrote:
> Any information on when (or if) the following timestamp vulnerability
> will be fixed for 4.X? Any information would be appreciated.
>
> http://www.kb.cert.org/vuls/id/637934
FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS
version header, of course):

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u

After verifying its semantic correctness for RELENG_4 we've been running
the patch for a couple of weeks now with no ill effects.

I'm posting this also as an encouragement for committers to go ahead and
do the MFC. It's low-hanging fruit.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net