NetBSD Announces Four New Security Advisories
Dan writes "The NetBSD project has announced four new security advisories. NetBSD ships with the racoon(8) IKE (Internet Key Exchange) daemon; a vulnerability was found in the code for packet validation of 'informational exchange' messages. The 'Inconsistent IPv6 path MTU discovery handling' vulnerability states that a malicious party can cause a remote kernel panic by using ICMPv6 'too big' messages. The OpenSSL 0.9.6 ASN.1 parser vulnerability could lead to a possible denial-of-service. Finally, the shmat reference counting bug: a programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented."
The patches were issued a rather long time ago...
The OpenSSL 0.9.6 ASN.1 parser vulnerability...
What is going on? Didn't Microsoft have the same vulnerability recently? How is it that three entirely different operating systems (Linux, Windows, BSD) have the same vulnerability?
Is this caused by human mistake or laziness?