Any status on timestamp vulnerability fix for 4.X?
Richard Coleman
rcoleman at criticalmagic.com
Wed Jun 29 21:00:06 GMT 2005
Uwe Doering wrote:
> Richard Coleman wrote:
>
>> Any information on when (or if) the following timestamp vulnerability
>> will be fixed for 4.X? Any information would be appreciated.
>>
>> http://www.kb.cert.org/vuls/id/637934
>
>
> FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS
> version header, of course):
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u
>
>
> After verifying its semantic correctness for RELENG_4 we've been running
> the patch for a couple of weeks now with no ill effects.
>
> I'm posting this also as an encouragement for committers to go ahead and
> do the MFC. It's low hanging fruit.
>
> Uwe
We tried applying that diff to 4.10, but compilation failed with
tcp_input.o: In function 'tcp_dooptions':
tcp_input.o(.text+0x21d8): undefined reference to 'TSTMP_GT'
Did you just define that macro? Or was something else required?
Thanks for the help.
Richard Coleman
rcoleman at criticalmagic.com
More information about the freebsd-security
mailing list