Time to upgrade, Unix-like OS-havers
Sysadmins need to upgrade networking kit and web servers following the discovery of a critical bug in FreeBSD.
FreeBSD is widely used in embedded networking and storage devices as well as some websites.
An integer signedness error was found in the kernel code on the 10.2 amd64 version of the OS.
The problem resulted in a heap overflow in the kernel – thus creating a means for local unprivileged attackers to crash the system.
The bug was discovered by security researchers at Core Security, who alerted the FreeBSD team on 2 March.
The FreeBSD 10.2 amd64 package is vulnerable, but a fix has been developed. Users can protect themselves from this vulnerability by upgrading to FreeBSD 10.2-RELENG.
Technical descriptions of the flaw and proof-of-concept code can be found in an advisory from Core Security here. ®
Sponsored: DevOps: hidden risks and how to achieve results