Date:      Tue, 16 Sep 2003 09:32:01 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        "Jacques A. Vidrine" <nectar@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: OpenSSH heads-up
Message-ID:  <200309161632.h8GGW1PC002728@apollo.backplane.com>
References:  <20030916134347.GA30359@madman.celabo.org> <20030916161121.GA91300@madman.celabo.org>


:
:On Tue, Sep 16, 2003 at 06:05:43PM +0200, Udo Schweigert wrote:
:> On Tue, Sep 16, 2003 at 08:43:47 -0500, Jacques A. Vidrine wrote:
:> > OK, an official OpenSSH advisory was released, see here:
:> > <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
:> > 
:> > The fix is currently in FreeBSD -CURRENT and -STABLE.  It will be
:> > applied to the security branches as well today.  Attached are patches:
:> > 
:> >    buffer46.patch -- For FreeBSD 4.6-RELEASE and later
:> >    buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier
:> > 
:> 
:> And what about the port /usr/ports/security/openssh-portable? It should - at
:> least - be fixed for the 4.9-RELEASE.
:
:Ports fixed about 3 hours 27 minutes ago :-)
:
:Cheers,
:-- 
:Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
:nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se

    I've been staring at the patch for 30 minutes and I can't figure
    out what it is supposed to fix.  Is there some other thread or
    signal or something that might access the buffer while its length
    is in an indeterminate state?  The code doesn't seem to be structured
    for that case.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


