OpenBSD errata, Jan 31, 2017

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

OpenBSD errata, Jan 31, 2017

Bob Beck-3
An issue has been identified whereby httpd(8) could be subject to a denial
of service attack. Repeated crafted requests could be made from a client
using file-range requests, making the server consume excessive amounts of

This issue has been fixed in current. For 5.9 and 6.0 the following errata
will disable range header processing in httpd(8) to prevent the problem.

Thanks to Pierre Kim <[hidden email]> for reporting
the issue.