Date:      Tue, 25 Feb 1997 18:18:42 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Jon Mah <mahj@rpi.edu>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: 2.2 security
Message-ID:  <Pine.BSI.3.94.970225180819.5802B-100000@localhost>
In-Reply-To: <9702252017.AA10494@hitomi.daze.club>

On Tue, 25 Feb 1997, Jon Mah wrote:

> 	Hi, just wondering if any of the recent CERT advisories ("ping of  
> death", talkd, and most importantly, setlocale() ) will apply to 2.2-RELEASE,  
> or will those all be patched up?  Also, when is 2.2-RELEASE scheduled to be  
> available, early March?

In order...

1.  Ping of Death:  FreeBSD is not susceptible to the Ping of Death.
2.  talkd buffer overrun:  The code shows that a fix was committed and is
in 2.2.
3.  setlocale():  Ditto.

A total code comb is in progress to root out any remaining buffer
overruns; anything they find may end up in 2.2.  If there's anything
you're specifically interested in, you can look at the source tree over
the Web at http://www.freebsd.org/cgi/cvsweb.cgi.  Very, very handy
utility for those of us without enough disk space to keep the whole source
tree around.  (thanks Mr. Fenner!!)

The current target area for 2.2 is Mid-March, depending on how many more
showstopping security holes we find.  :)

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



