Re: Any status on timestamp vulnerability fix for 4.X?
Uwe Doering wrote:
> Richard Coleman wrote:
>
>> Any information on when (or if) the following timestamp vulnerability
>> will be fixed for 4.X? Any information would be appreciated.
>>
>> http://www.kb.cert.org/vuls/id/637934
>
>
> FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS
> version header, of course):
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u
>
>
> After verifying its semantic correctness for RELENG_4 we've been running
> the patch for a couple of weeks now with no ill effects.
>
> I'm posting this also as an encouragement for committers to go ahead and
> do the MFC. It's low hanging fruit.
>
> Uwe
We tried applying that diff to 4.10, but compilation failed with
tcp_input.o: In function 'tcp_dooptions':
tcp_input.o(.text+0x21d8): undefined reference to 'TSTMP_GT'
Did you just define that macro? Or was something else required?
Thanks for the help.
Richard Coleman
rcoleman@criticalmagic.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 4 篇):