Date:      Fri, 5 Jun 2009 10:37:10 +0400
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        Oliver Pinter <oliver.pntr@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: OpenSSL DoS/PoC in milw0rm
Message-ID:  <Jhkbktl1PY/9FSE2gd1DnCga%2BiM@j4OYE6OL8eALCd4BvSxIfwgoxSc>
In-Reply-To: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>
References:  <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>

Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:
> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i

There was a combined PR for the ports/base system OpenSSL,
  http://www.freebsd.org/cgi/query-pr.cgi?pr=134653

Probably a more complete patch for the DTLS stuff,
  http://sctp.fh-muenster.de/dtls/dtls-bugs.patch
that additionally fixes MTU problems and other stuff, can be integrated
into the base system, as was recently done with security/openssl.
I am in ENOTIME now, so I'm not able to test these patches myself, sorry.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #


