Date: Sun, 5 Oct 2003 09:50:28 +0200 From: lupe@lupe-christoph.de (Lupe Christoph) To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl Message-ID: <20031005075028.GA12353@lupe-christoph.de> In-Reply-To: <5.0.2.1.1.20031004022801.03018158@popserver.sfu.ca> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <200310032249.h93MnXS8047857@freefall.freebsd.org> <5.0.2.1.1.20031004022801.03018158@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday, 2003-10-04 at 02:33:31 +0100, Colin Percival wrote: > At 00:06 04/10/2003 +0000, Bjoern A. Zeeb wrote: > >On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: > >> c) Recompile the operating system as described in > >> <URL: > >http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > >wouldn't it be > >possible to recompile libssl/libcrypto and install only them instead of > >rebuilding the complete base system as suggested > Just to confirm the contents of my earlier email: The only binaries > affected by this in RELENG_4_7 are /usr/lib/lib(ssl|crypto)(.a|.so.2|_p.a) > -- so rebuilding those two libraries (and any statically linked ports > software) should be enough. I see that the advisory is still not linked from the website. Given the hassle involve with building and installing world, wouldn't it be a good isdea to cut down on the installation and advise to rebuild the libraries, possibly any ports statically linking them, and restart either all affected processes or the system? Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031005075028.GA12353>