Dear DragonFly BSD users, I am addressing you as the security officer of DragonFly, because this is a very serious issue. Please take this as serious as we, KAME, Cisco and other vendors are and therefore react *immediately* and update *all* your installations. This is *very* serious; Cisco has assigned it the score 10 on a scale from 1 to 10. For details read [1] or [2].
This issue is related to the IPv6 network stack. However, even if you are not actively using IPv6, you *must* to update your installation, because this security issue can be exploited! Firewalls are no help either, so please do not consider yourself protected if your DragonFly installation is behind a packet filter. IPv6 allows for source routing using the routing header type 0 (RH0). Already over one decade ago source routing with IPv4 was considered insecure and thus has been blocked per default by all major operating systems. Properties of IPv6 however allow exploits with a damage potential which is many magnitudes higher. Especially, there is a risk of creating packet storms which will be able to break the internet, including the IPv4 part -- the problem is *not* restricted to IPv6 connected hosts! All current branches of DragonFly have been updated to contain this fix. Please make sure to update your sources, rebuild + install a new kernel and reboot your system to actually activate this fix! For reference on how to update your kernel, see build(7). If you have any questions, please do not hesitate to ask. Thanks in advance for updating, simon [1] http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf [2] http://natisbad.org/ -- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
