Saturday, March 17, 2007

Errata 010 r2

PuffyThe OpenBSD team has just released a second revision to patch 010 for OpenBSD 4.0.

This is a security fix and applies to all architectures. It is serious and should be applied immediately.

Quote from the Errata page:
Incorrect mbuf handling for ICMP6 packets.
Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed.
Use "block in inet6" in /etc/pf.conf.

If you previously installed rev1 of my binpatch (motd banner looks like "OpenBSD 4.0 (GENERIC) #4: Thu Mar 8 17:30:41 EST 2007"), you should upgrade to my rev2 binpatch (motd banner looks like "OpenBSD 4.0 (GENERIC) #5: Sun Mar 18 01:05:50 EDT 2007").

For those playing along at home:

  • If you previously installed rev1 of 010, find a copy of the rev1 patch and apply it again. At the "Reversed (or previously applied) patch detected! Assume -R? [y]" prompt, press the Enter key to undo the patch. Then, download the new patch from the OpenBSD FTP site (or my mirror) and apply this patch and rebuild your kernel(s).

  • If you had not previously applied the patch, slam your hand into a kitchen drawer once or twice. BAD SysAdmin! BAD! Now, apply the patch and build your kernel. No need to back out of the rev1 patch. Bad.