OpenBSD Journal

Two New Kernel Errata

Contributed by jj on from the p-p-p-patch-my-kernel-over-ethernet dept.

In an email to tech@, Ted Unangst (tedu@) lets us know about two new kernel bugs for which patches exist:

Patches are now available for 5.5 and 5.6 which fix two kernel errata.

5.5 errata 16 and 5.6 errata 10: Several bugs were fixed that allowed a crash from remote when an active pipex session exists.

5.5 errata 17 and 5.6 errata 11: An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.

Users who don't use don't use PPPOE or PIPEX are not affected, but can still apply the patches.

Links:

http://www.openbsd.org/errata55.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/016_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/017_pppoe.patch.sig

and

http://www.openbsd.org/errata56.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig

(Comments are closed)

Comments

  1. By Sebastian Rother (2a02:810d:700:5d8:e1f5:2543:5350:6acd) on

    It's more from the "Told-You-That-IF-I-Want-To-Laught-I-Do-Audit-Your-Networkstack-Theo_Dept." :-)

    It would be nice if somebody who is more skilled then me (because I am an idiot and Moron and a Troll... related to Theo) might audit the USB Stack too (USB Fuzzing).


    Kind regards,
    Sebastian Rother

    Comments

    1. By Anonymous Coward (192.35.17.17) on

      > It would be nice if somebody who is more skilled then me (because I am an idiot and Moron and a Troll... related to Theo) might audit the USB Stack too (USB Fuzzing).

      Just do it and send findings and patches to tech@. Until then, please stop trolling ;-)

      Comments

      1. By Sebastian Rother (91.66.45.132) https://www.mercenary-security.com on

        > > It would be nice if somebody who is more skilled then me (because I am an idiot and Moron and a Troll... related to Theo) might audit the USB Stack too (USB Fuzzing).
        >
        > Just do it and send findings and patches to tech@. Until then, please stop trolling ;-)

        I am deeply sorry for the late answer but to make a long storry short: NO

        I once told Henning about a PF Bug and he simply Issued a fix. Sounds great but not so great if you know that other Vendors/Developers/Networks maybe use this code and maybe need time to evaluate the risk....

        It was the only "Bug" wich was not "critical" where the notification was Issued via security@ (proof: http://marc.info/?l=openbsd-security-announce&m=123949585205081&w=2 , I was not honored for the finding... nor the notification nor anything.. and Theo and co risked other projects like NetBSD (NetBSD Issues a fix before 5.0, an emergency fix.. back then)... I was told PF "was not enabled by default" back then.... some weeks later it was.. I wonder why... *ahem..*)

        I told Theo there are Issues in the IP Stack. judge me by the DATE at this forum (the Post you answered to!) .. afterwards they found some (Impressive, I am a magican... or somebody with too much time to read Code) things they "corrected"... (see CVS dates)

        The USB Stack needs help too... (use fuzzers..... magic of the 21th century, yes USB fuzzers do exist!).

        So I directed them at a specific part of the OS. I think it's fair enought for such clever guys to find the Bugs.. especialy for the way they communicate with me. :-)

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]