Re: VIMAGE + pf security fix?
On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues rodr...@freebsd.org wrote: On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb b...@freebsd.org wrote: For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past. At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830 I see the security issue mentioned, but I can't find the patch that fixes the problem. Where is the patch? I read this link: http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-filter-local-kernel-vulnerability and I think this is the fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=1.236content-type=text/x-cvsweb-markup but I can't even apply that patch to our pf_ioctl.c. -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + pf security fix?
On 21 Nov 2014, at 08:06 , Craig Rodrigues rodr...@freebsd.org wrote: On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues rodr...@freebsd.org wrote: On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb b...@freebsd.org wrote: For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past. At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830 I see the security issue mentioned, but I can't find the patch that fixes the problem. Where is the patch? I read this link: http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-filter-local-kernel-vulnerability and I think this is the fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=1.236content-type=text/x-cvsweb-markup but I can’t even apply that patch to our pf_ioctl.c. to my best knowledge we have never pulled a fix for this in. The last “sync” of pf was way before that vulnerability (unless I completely missed something). — Bjoern A. Zeeb Come on. Learn, goddamn it., WarGames, 1983 ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + pf security fix?
On Fri, Nov 21, 2014 at 10:52:05AM +, Bjoern A. Zeeb wrote: On 21 Nov 2014, at 08:06 , Craig Rodrigues rodr...@freebsd.org wrote: On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues rodr...@freebsd.org wrote: On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb b...@freebsd.org wrote: For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past. At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830 I see the security issue mentioned, but I can't find the patch that fixes the problem. Where is the patch? I read this link: http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-filter-local-kernel-vulnerability and I think this is the fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=1.236content-type=text/x-cvsweb-markup but I can?t even apply that patch to our pf_ioctl.c. to my best knowledge we have never pulled a fix for this in. The last ?sync? of pf was way before that vulnerability (unless I completely missed something). I'd be interested in helping to fix this, as I depend on this. ? Bjoern A. Zeeb Come on. Learn, goddamn it., WarGames, 1983 ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + pf security fix?
The fix for that was imported with the new import of pf(4) AFARIR. On Thu, Nov 20, 2014 at 7:07 PM, Craig Rodrigues rodr...@freebsd.org wrote: On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb b...@freebsd.org wrote: For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past. At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830 I see the security issue mentioned, but I can't find the patch that fixes the problem. Where is the patch? Thanks. -- Craig ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- Ermal ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org