svn commit: r286352 - in releng/9.3: . sbin/routed sys/conf
Xin LI
delphij at FreeBSD.org
Wed Aug 5 22:05:26 UTC 2015
Author: delphij
Date: Wed Aug 5 22:05:24 2015
New Revision: 286352
URL: https://svnweb.freebsd.org/changeset/base/286352
Log:
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
Modified:
releng/9.3/UPDATING
releng/9.3/sbin/routed/input.c
releng/9.3/sys/conf/newvers.sh
Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING Wed Aug 5 22:05:18 2015 (r286351)
+++ releng/9.3/UPDATING Wed Aug 5 22:05:24 2015 (r286352)
@@ -11,6 +11,10 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20150805: p22 FreeBSD-SA-15:19.routed
+
+ Fix routed remote denial of service vulnerability.
+
20150728: p21 FreeBSD-SA-15:15.tcp
FreeBSD-SA-15:16.openssh
FreeBSD-SA-15:17.bind
Modified: releng/9.3/sbin/routed/input.c
==============================================================================
--- releng/9.3/sbin/routed/input.c Wed Aug 5 22:05:18 2015 (r286351)
+++ releng/9.3/sbin/routed/input.c Wed Aug 5 22:05:24 2015 (r286352)
@@ -160,6 +160,12 @@ input(struct sockaddr_in *from, /* rece
trace_rip("Recv", "from", from, sifp, rip, cc);
+ if (sifp == 0) {
+ trace_pkt(" discard a request from an indirect router"
+ " (possibly an attack)");
+ return;
+ }
+
if (rip->rip_vers == 0) {
msglim(&bad_router, FROM_NADDR,
"RIP version 0, cmd %d, packet received from %s",
Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh Wed Aug 5 22:05:18 2015 (r286351)
+++ releng/9.3/sys/conf/newvers.sh Wed Aug 5 22:05:24 2015 (r286352)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.3"
-BRANCH="RELEASE-p21"
+BRANCH="RELEASE-p22"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
More information about the svn-src-all
mailing list