*BSD News Article 81930



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!howland.erols.net!news.mathworks.com!uunet!in3.uu.net!omega.metrics.com!omega.metrics.com!not-for-mail
From: polk@BSDI.COM
Newsgroups: comp.unix.bsd.bsdi.announce
Subject: BSDI: New official patches for BSD/OS 2.1
Followup-To: comp.unix.bsd.bsdi.misc
Date: 29 Oct 1996 21:05:35 -0500
Organization: Software Metrics Inc.
Lines: 89
Sender: tomh@omega.metrics.com
Approved: tomh@metrics.com
Message-ID: <556d5f$67s@omega.metrics.com>
NNTP-Posting-Host: omega.metrics.com



There are several new patches available from the patches
server or via the ftp archive at:
	ftp://ftp.bsdi.com/bsdi/patches/patches-2.1 

All of the README file entries are appended at the bottom of this
message.  The patches are K210-024, U210-027, and U210-028.

The kernel patch (K210-024) enhances the recent K210-021 and K210-022
networking patches (see the README entry below for more info).

The two utilities patches update sendmail to version 8.8.2 to fix
misc. security problems in previous versions (U210-027) and close
a buffer overflow hole in lpr which could allow local users to gain
root access (U210-028).  An exploitation script for the lpr hole
was recently posted to the bsdi-users mailing list.

Jeff
--
     /\   Jeff Polk            Berkeley Software Design, Inc. (BSDI)
  /\/  \  polk@BSDI.COM        5575 Tech Center Dr. #110, Colo Spgs, CO 80919

===================================================================

PATCH:
    K210-024

SUMMARY:
	This patch enhances the K210-021 and K210-022 patches.

	IP fragmentation:

	o Setting "sysctl -w net.inet.ip.maxfragpackets=0"
	  will now cause all IP fragments to be dropped.

	o Setting "sysctl -w net.inet.ip.maxfragpackets=-1"
	  will effectively remove the limit.

	o If maxfragpackets is reduced, the fragment queue
	  will now be trimmed back to the new, lower limit,
	  rather than waiting for fragments to time out.

	TCP SYN caching:

	o Receiving an ICMP Unreachable or a RST for a cached
	  connection will now remove that cached entry.

	o We no longer send out the Timestamps or Scale option
	  if we receive a SYN without any TCP options, and the
	  MAXSEG value is now filled in correctly (it was byte
	  swapped).

	o When turning around the TCP packet for the SYN,ACK,
	  make sure we have space for the TCP options, and if
	  not, make some space.

md5 checksum: d7dfc8b6c528ab18f4a10aa572eda1b8 K210-024

===================================================================

PATCH:
    U210-027

SUMMARY:
    This patch updates sendmail to the official 8.8.2 release which
    fixes some security problems from previous versions.

md5 checksum: 6aa1980f928fdc0cf3e7ec4204e54e2c U210-027

===================================================================

PATCH:
    U210-028

SUMMARY:
    This patch fixes a buffer overflow problem which can allow
    local users to gain root access.  This problem has received 
    press recently via Bugtraq, and an exploitation script was
    recently posted to bsdi-users.

md5 checksum: 2afffb5ac46465a9aa51a7573c8ce639 U210-028

===================================================================

-- 
[ /tom haapanen -- tomh@metrics.com -- software metrics inc -- waterloo, ont ]
[ "walk a straight line through a cow pasture, and you'll step               ]
[  in some cow pies, but you'll get where you are going."        -- joe kidd ]
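
Added example, not part of the original post or BSDI's own tooling: one way to check downloaded patch files against the "md5 checksum:" lines in the README entries above. It assumes each patch is saved under its patch name (for example K210-024) in a single directory; the function names are hypothetical. A match shows the file is the one the announcement lists, which catches corruption or a wrong file; MD5 is no longer collision-resistant, so it is not proof against deliberate tampering.

```python
import hashlib
import re
from pathlib import Path

# Checksum lines copied from the README entries in the announcement above.
ANNOUNCEMENT = """\
md5 checksum: d7dfc8b6c528ab18f4a10aa572eda1b8 K210-024
md5 checksum: 6aa1980f928fdc0cf3e7ec4204e54e2c U210-027
md5 checksum: 2afffb5ac46465a9aa51a7573c8ce639 U210-028
"""

# One entry per line: "md5 checksum: <32 hex digits> <patch name>"
CHECKSUM_RE = re.compile(
    r"^md5 checksum:\s+([0-9a-fA-F]{32})\s+([KU]\d{3}-\d{3})\s*$", re.MULTILINE)


def parse_checksums(text):
    """Return {patch_name: lowercase_md5_hex}; reject conflicting duplicates."""
    found = {}
    for digest, name in CHECKSUM_RE.findall(text):
        digest = digest.lower()
        if found.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return found


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large patch files are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_patches(directory, expected):
    """Return {patch_name: 'ok' | 'mismatch' | 'missing'} for each listed patch."""
    results = {}
    for name, digest in sorted(expected.items()):
        # Assumption: the file on disk is named exactly like the patch.
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == digest else "mismatch"
    return results


if __name__ == "__main__":
    for name, status in verify_patches(".", parse_checksums(ANNOUNCEMENT)).items():
        print(f"{name}: {status}")
```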