Slashdot Mirror

← Back to Stories (view on slashdot.org)

New FreeBSD, NetBSD Security Advisories

Posted by timothy on Wednesday September 17, 2003 @01:19AM from the tell-everyone-why-don't-you dept.

Dan writes "FreeBSD has formally announced a security advisory entitled "OpenSSH buffer management error" for the now famous OpenSSH advisory (OpenSSH has released a new version 3.7.1 to address this issue). NetBSD has issued a similar advisory and fix for this issue. NetBSD has released two additional security advisories entitled "Kernel memory disclosure via ibcs2" and "Insufficient argument checking in sysctl(2)"."

3 of 71 comments (clear)

Min score:

Reason:

Sort:

Patches vs. Fixes by Dancin_Santa · 2003-09-17 01:27 · Score: 5, Interesting

If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem. You never see a reconsideration of the problem. I wonder how long it takes to go from a release version through patch after patch until a piece of code is just old and crufty and in need of wholesale replacement.
I'll tell you what's REAL BSD news by Anonymous Coward · 2003-09-17 01:41 · Score: 5, Funny

The first comment on a BSD story wasn't a BSD troll, now that my freinds is news for nerds, stuff that matters.
Re:OS X by dthable · 2003-09-17 03:49 · Score: 5, Informative

I'm running 10.2.6 and I have OpenSSH 3.4p1. So yes, we are at risk.

Check your system. In terminal type:
sshd -v