In some email I received from Janne Snabb, sie wrote:
> Hi,
>
> Recently a serious bug was found in the ipfilter fragment cache code.
> FreeBSD etc. have issued an advisory and a patch a long time ago,
> but I haven't seen anything related to NetBSD. No advisory, no patch,
> no comments whatsoever.
>
> I would like to ask, if someone could confirm this:
>
> - is NetBSD not vulnerable for some reason?
>
> - are there plans to issue advisories or patches?
>
> - are there plans to upgrade NetBSD-current to non-vulnerable
> version of ipfilter (which is developed independetly of NetBSD)?
>
> This might cause some headaches to anyone who is using NetBSD as an IP
> filtering firewall solution.

FYI, NetBSD-current was patched the same day/hour as FreeBSD-current by
myself.

Merges of the patches required for the "release" versions of both OS's
happened some time later after the appropriate procedures were followed.

An email was sent to bugtraq as well as the IPFilter list with patches
to address the problem. Perhaps that email needs to be sent to a few
NetBSD lists since the other gears seem to be turning rather slowly...

Darren

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]