Re: FreeBSD Security Advisory FreeBSD-SA-09:02.openssl



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

matt donovan wrote:
On Wed, Jan 7, 2009 at 5:49 PM, Matthew Seaman <
m.seaman@xxxxxxxxxxxxxxxxxxxxxx> wrote:
The oCert advisory at http://ocert.org/advisories/ocert-2008-016.html
lists BIND and NTP as affected packages. Don't the base system versions
of those apps also need patching?
I was told they don't but I believe they do since it's the code inside of
ntp and bind don't check the return code correctly from what I can tell for
the OpenSSL EVP API

Please see: https://www.isc.org/node/373

Unless you are using DNSSEC to verify signatures you're not vulnerable
at all.

As usual for non-critical upgrades I will upgrade the ports first so
that those that need the new version(s) can easily get to them in a
hurry, then upgrade the base(s) over the next day or two.

hth,

Doug

- --

This .signature sanitized for your protection

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEAREDAAYFAkllqWoACgkQyIakK9Wy8PsIgACg1+vOtfCdZcw2Wirybm4lLpWD
VUEAnisZEkFBM4I3+8YmLp97Y/z/i8OG
=Uelm
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: EyeTV 3 is out....
    ... it's a bit like an Office/Win "upgrade". ... I was discounting the £15 that tvtv would have cost me. ... getting the new schedule or EyeTV not checking with tvtv more than ... I don't have an option for NTP clock setting. ...
    (uk.comp.sys.mac)
  • Re: Ntp in sid doing strange things?
    ... I upgrade every day, and had a fresh reboot 3 days ago. ... Ntp is working fine ... clocks in the machines' CPU, ... "One disk to rule them all, ...
    (Debian-User)
  • Re: ntpd access restrictions: Server allowed works only with ipaddress
    ... not specific to NTP. ... From our own customers I know that many of them keep using e.g. existing/older Linux distros, since basically they work as expected, and they don't always upgrade the whole distro just because a new version is available. ... So I can understand why many people just try to keep working with the latest binary package available for their distro. ...
    (comp.protocols.time.ntp)
  • GCC-4.2.3 Compiler Error in NTP-4.2.2p4
    ... I tried to upgrade my ntp version running on a FreeBSD 6.3-STABLE ... *** Error code 1 ... PGP KeyID = 0x5F22FDC1 ...
    (comp.protocols.time.ntp)