=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata45.html,v retrieving revision 1.4 retrieving revision 1.5 diff -c -r1.4 -r1.5 *** www/errata45.html 2009/04/11 23:46:45 1.4 --- www/errata45.html 2009/04/13 01:24:38 1.5 *************** *** 91,97 **** When pf attempts to perform translation on a specially crafted IP datagram, a null pointer dereference will occur, resulting in a kernel panic. In certain configurations this may be triggered by a remote attacker. !
Restricting translation rules to protocols that are specific to the IP version
in use, is an effective workaround until the patch can be installed. As an
example, for IPv4 nat/binat/rdr rules you can use:
--- 91,97 ----
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.
!
Restricting translation rules to protocols that are specific to the IP version
in use, is an effective workaround until the patch can be installed. As an
example, for IPv4 nat/binat/rdr rules you can use:
***************
*** 160,166 ****