OpenBSD errata, Jan 31, 2017


Bob Beck-3
An issue has been identified whereby httpd(8) could be subject to a denial
of service attack. Repeated crafted requests could be made from a client
using file-range requests, making the server consume excessive amounts of
memory.

This issue has been fixed in current. For 5.9 and 6.0 the following errata
will disable range header processing in httpd(8) to prevent the problem.

Thanks to Pierre Kim <[hidden email]> for reporting
the issue.

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig