Slashdot Mirror

← Back to Stories (view on slashdot.org)

New FreeBSD, NetBSD Security Advisories

Posted by timothy on Wednesday September 17, 2003 @01:19AM from the tell-everyone-why-don't-you dept.

Dan writes "FreeBSD has formally announced a security advisory entitled "OpenSSH buffer management error" for the now famous OpenSSH advisory (OpenSSH has released a new version 3.7.1 to address this issue). NetBSD has issued a similar advisory and fix for this issue. NetBSD has released two additional security advisories entitled "Kernel memory disclosure via ibcs2" and "Insufficient argument checking in sysctl(2)"."

1 of 71 comments (clear)

Min score:

Reason:

Sort:

Re:Patches vs. Fixes by Anonymous Coward · 2003-09-17 04:41 · Score: 4, Insightful

If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem.

If you ever take a look at the actual *problem*, you'll find that hey are usually just buffer overflows or other unchecked data, in which case 'some special case code' is the only appropriate course of action.