y Patch 004: pool (3 of 3)

Contributed by jose on 2002-11-07 from the memory-allocation dept.

The final patch of three released tonight concerns the pool(9) kernel memory allocator. In low memory situations, pool(9) could corrupt memory, leading to system instability. Patch 004 remedies this problem and fixes up memory handling in pool(9).

Many thanks go out to Miod and Peter for their coordination with us on these advisories. I would also like to take a moment and clearly state that we are trying to coordinate the release of patch information with the OpenBSD team more closely to ensure that all information and patches are available at the appropriate time. They have been very helpful and accomodating in this, and their help is greatly appreciated.

(Comments are closed)

Comments

By Anonymous Coward () on 2002-11-07 03:15

Jesus H. Christ. WTF? Could Theo maybe take a little more interest in QC? I mean, I like the stickers I got and the song, but I would prefer have a better tested release. Is Theo trying to emulate Microsft's quality control? At this rate, he might win for most bugs...
By Dom () on 2002-11-07 10:31

If these bugs were "known" at release time, and presumebly they were, they should have put up the errata page before sending out the CDs.

Releasing software with bugs is fine, but releasing software with known bugs and then sitting on publishing fixes is not.

It would have gone to OpenBSDs credit if patches were announced before the CDs were posted.

This is not a good way to do things, and OpenBSD has taken a lot of critism in the past for doing the same thing ("oh yea, we found and fixed that ages ago, but didn't tell anyone til now")
By Anonymous Coward () on 2002-11-07 11:37

It seams that OpenBSD isn't so secure as I thought.
By Anonymous Coward () on 2002-11-07 11:51

"One remote hole in the default install, in nearly 6 years!" - that ISN'T TRUE!!!

Look at http://online.securityfocus.com/bid/5991
- remote Yes
- OpenBSD 2.8
- OpenBSD 2.9
- OpenBSD 3.0
- OpenBSD 3.1

OpenBSD ships with apache, but if you want a secure web-server you have to compile apace for the source and update when a new version is out.
By Pedro () on 2002-11-07 13:27

I'm very pleased with the coordination between the security team and this site. Coupled with the security announce mail list it certainly helps me to get the info i need. thanks

Too bad some people on in these comment boards feel the need to whine about an OS which they've probably never even used and at the same time dont understand the goals of OpenBSD well enough to even make a normal critical analysis of the project.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]