Date: Tue, 25 Feb 1997 18:18:42 -0800 (PST) From: Doug White <dwhite@gdi.uoregon.edu> To: Jon Mah <mahj@rpi.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: 2.2 security Message-ID: <Pine.BSI.3.94.970225180819.5802B-100000@localhost> In-Reply-To: <9702252017.AA10494@hitomi.daze.club>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Feb 1997, Jon Mah wrote: > Hi, just wondering if any of the recent CERT advisories ("ping of > death", talkd, and most importantly, setlocale() ) will apply to 2.2-RELEASE, > or will those all be patched up? Also, when is 2.2-RELEASE scheduled to be > available, early March? In order... 1. Ping of Death: FreeBSD is not susceptable to the Ping of Death. 2. talkd buffer overrun: The code shows that a fix was committed and is in 2.2. 3. setlocale(): Ditto. A total code comb is in progress to root out any remaining buffer overruns, anything they find may end up in 2.2. If there's anything you're specifically interested in, you can look at the source tree over the Web at http://www.freebsd.org/cgi/cvsweb.cgi. Very, very handy utility for those of us without enough diskspace to keep the whole source tree around. (thanks Mr. Fenner!!) The current target area for 2.2 is Mid-March, depending on how many more showstopping security holes we find. :) Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.970225180819.5802B-100000>