Re: OpenSSL DoS/PoC in milw0rm



thanks for the fast reply, and the patch

On 6/5/09, Eygene Ryabinkin <rea-fbsd@xxxxxxxxxxx> wrote:
Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:
the base system contins 0.9.8e and this PoC is affected up to 0.9.8i

There was combined PR for the ports/base system OpenSSL,
http://www.freebsd.org/cgi/query-pr.cgi?pr=134653

Probably more complete patch for DTLS stuff,
http://sctp.fh-muenster.de/dtls/dtls-bugs.patch
that additionally fixes MTU problems and other stuff can be integrated
to the base system as it was recently done with the security/openssl.
I am in ENOTIME now, so I'm not able to test these patches myself, sorry.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"