OpenBSD Journal

Patch 018 for 3.1, 035 for 3.0: getrtimer

Contributed by jose on from the -stable-branch dept.

In addition to the three patches released for 3.2 yesterday, a patch to the getrlimit(2) system call has been released for older systems. The bug allows a denial of service attack in which the attacker can crash the kernel. Note that OpenBSD 3.2 is unaffected, since the code was merged in before release. However, 3.1 and 3.0 are affected.

Patch 035 for OpenBSD 3.0 and Patch 018 for OpenBSD 3.1 remedy this problem. Thanks to Miod for clarification regarding the affected systems.

(Comments are closed)

  1. By Anonymous Coward () on

    This has been in 3.{0,1}-stable for more than 3 weeks. The developers are a bit slow at releasing patches and updating errata.html.

  2. By Ingela Markewärn () on

    I'm impressed that patches for 3.0 still come out. Just wanted to say that.

  3. By Ray () on

    I'm surprised that trolls haven't suggested that maybe 3.0 was released too soon, and needed more testing.

