
ITS#8046 - remote unauth DoS on 2.4.40

I haven't seen any announcement of this other than on security lists,
but there's an unauthenticated remote DoS bug in 2.4.40:


The actual ITS is a bit confusing: the reporter at one point says he had
the issue with a beta version of 2.4.40 and that it didn't work against the
release, but Debian confirmed it kills their official 2.4.40 package and
it caused a segfault against my Gentoo 2.4.40 release, so if you're
running 2.4.40 (older versions are not vulnerable), it's probably worth
applying the patch from head:


I rebuilt my 2.4.40 with this and it no longer dies when the PoC query
is issued.