Slashdot Mirror

← Back to Stories (view on slashdot.org)

New FreeBSD, NetBSD Security Advisories

Posted by timothy on from the tell-everyone-why-don't-you dept.

Dan writes "FreeBSD has formally announced a security advisory entitled "OpenSSH buffer management error" for the now famous OpenSSH advisory (OpenSSH has released a new version 3.7.1 to address this issue). NetBSD has issued a similar advisory and fix for this issue. NetBSD has released two additional security advisories entitled "Kernel memory disclosure via ibcs2" and "Insufficient argument checking in sysctl(2)"."

2 of 71 comments (clear)

  1. Patches vs. Fixes by Dancin_Santa · · Score: 5, Interesting

    If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem. You never see a reconsideration of the problem. I wonder how long it takes to go from a release version through patch after patch until a piece of code is just old and crufty and in need of wholesale replacement.

  2. OS X by Zelet · · Score: 4, Interesting

    Does this affect OS X's implementation of SSHD? So far Apple has not released a patch.

    --
    ...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)