OpenBSD errata, Jan 31, 2017
2 February, 2017 by beck@openbsd.org | openbsd
An issue has been identified whereby httpd(8) could be subject to a denial of service attack. Repeated crafted requests could be made from a client using file-range requests, making the server consume excessive amounts of memory. This issue has been fixed in current. For 5.9 and 6.0 the following errata will disable range header processing in httpd(8) to prevent the problem. Thanks to Pierre Kim <pierre.kim.sec@gmail.com> for reporting the issue.

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig