Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!howland.erols.net!news.mathworks.com!uunet!in3.uu.net!omega.metrics.com!omega.metrics.com!not-for-mail
From: polk@BSDI.COM
Newsgroups: comp.unix.bsd.bsdi.announce
Subject: BSDI: New official patches for BSD/OS 2.1
Followup-To: comp.unix.bsd.bsdi.misc
Date: 29 Oct 1996 21:05:35 -0500
Organization: Software Metrics Inc.
Lines: 89
Sender: tomh@omega.metrics.com
Approved: tomh@metrics.com
Message-ID: <556d5f$67s@omega.metrics.com>
NNTP-Posting-Host: omega.metrics.com

There are several new patches available from the patches server
or via the ftp archive at;

    ftp://ftp.bsdi.com/bsdi/patches/patches-2.1

All of the README file entries are appended at the bottom of this
message.

The patches are K210-024, U210-027, and U210-028. The kernel patch
(K210-024) enhances the recent K210-021 and K210-022 networking
patches (see the README entry below for more info). The two utilities
patches update sendmail to version 8.8.2 to fix misc. security
problems in previous versions (U210-027) and close a buffer overflow
hole in lpr which could allow local users to gain root access
(U210-028). An exploitation script for the lpr hole was recently
posted to the bsdi-users mailing list.

Jeff
--
    /\    Jeff Polk        Berkeley Software Design, Inc. (BSDI)
 /\/  \   polk@BSDI.COM    5575 Tech Center Dr. #110, Colo Spgs, CO 80919

===================================================================
PATCH: K210-024

SUMMARY:
This patch enhances the K210-021 and K210-022 patches.

IP fragmentation:

  o Setting "sysctl -w net.inet.ip.maxfragpackets=0" will now
    cause all IP fragments to be dropped.

  o Setting "sysctl -w net.inet.ip.maxfragpackets=-1" will
    effectively remove the limit.

  o If maxfragpackets is reduced, the fragment queue will now be
    trimmed back to the new, lower limit, rather than waiting for
    fragments to time out.

TCP SYN caching:

  o Receiving an ICMP Unreachable or a RST for a cached connection
    will now remove that cached entry.

  o We no longer send out the Timestamps or Scale option if we
    receive a SYN without any TCP options, and the MAXSEG value is
    now filled in correctly (it was byte swapped).

  o When turning around the TCP packet for the SYN,ACK, make sure
    we have space for the TCP options, and if not, make some space.

md5 checksum: d7dfc8b6c528ab18f4a10aa572eda1b8 K210-024

===================================================================
PATCH: U210-027

SUMMARY:
This patch updates sendmail to the official 8.8.2 release which
fixes some security problems from previous versions.

md5 checksum: 6aa1980f928fdc0cf3e7ec4204e54e2c U210-027

===================================================================
PATCH: U210-028

SUMMARY:
This patch fixes a buffer overflow problem which can allow local
users to gain root access. This problem has received press recently
via Bugtraq, and an exploitation script was recently posted to
bsdi-users.

md5 checksum: 2afffb5ac46465a9aa51a7573c8ce639 U210-028

===================================================================
--
[ /tom haapanen -- tomh@metrics.com -- software metrics inc -- waterloo, ont ]
[ "walk a straight line through a cow pasture, and you'll step             ]
[ in some cow pies, but you'll get where you are going."      -- joe kidd  ]
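
Added illustration, not part of the announcement and not BSD/OS source: a small C model of the SYN,ACK option handling that the K210-024 "TCP SYN caching" entry describes (MSS in network byte order, a space check before writing, Timestamps and Window Scale left out for an option-less SYN). It generalizes slightly by echoing each of those two options only when the peer's SYN offered it; every function and struct name here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical model, not BSD/OS code. Option kinds per RFC 793 / RFC 1323. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2, OPT_WSCALE = 3, OPT_TSTAMP = 8 };
struct syn_opts { int has_wscale, has_tstamp; uint32_t tsval; };

static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Record which options the peer's SYN offered. Returns -1 if malformed. */
int parse_syn_opts(const uint8_t *p, size_t len, struct syn_opts *o) {
    size_t i = 0;
    memset(o, 0, sizeof *o);
    while (i < len && p[i] != OPT_EOL) {
        if (p[i] == OPT_NOP) { i++; continue; }
        if (i + 1 >= len || p[i + 1] < 2 || i + p[i + 1] > len) return -1;
        if (p[i] == OPT_WSCALE && p[i + 1] == 3) o->has_wscale = 1;
        if (p[i] == OPT_TSTAMP && p[i + 1] == 10) {
            o->has_tstamp = 1;
            o->tsval = get32(p + i + 2);
        }
        i += p[i + 1];
    }
    return 0;
}

/* Build SYN,ACK options. Returns bytes written, or -1 if they do not fit. */
int build_synack_opts(const struct syn_opts *o, uint16_t mss, uint8_t wscale,
                      uint32_t now, uint8_t *out, size_t cap) {
    size_t n = 0, need = 4 + (o->has_wscale ? 4 : 0) + (o->has_tstamp ? 12 : 0);
    if (need > cap) return -1;          /* check space before writing */
    out[n++] = OPT_MSS; out[n++] = 4;
    out[n++] = (uint8_t)(mss >> 8);     /* network byte order: 1460 -> 05 b4; */
    out[n++] = (uint8_t)(mss & 0xff);   /* swapped, it would read as 46085    */
    if (o->has_wscale) {                /* only if the peer offered it */
        out[n++] = OPT_NOP; out[n++] = OPT_WSCALE; out[n++] = 3; out[n++] = wscale;
    }
    if (o->has_tstamp) {                /* only if the peer offered it */
        out[n++] = OPT_NOP; out[n++] = OPT_NOP; out[n++] = OPT_TSTAMP; out[n++] = 10;
        put32(out + n, now); put32(out + n + 4, o->tsval); n += 8;
    }
    return (int)n;
}
```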