From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 00:50:37 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B02C16A4B3 for ; Sun, 5 Oct 2003 00:50:37 -0700 (PDT) Received: from buexe.b-5.de (buexe.b-5.de [80.148.32.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87FDC43F75 for ; Sun, 5 Oct 2003 00:50:35 -0700 (PDT) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de ([172.17.0.9])h957oXJ08027 for ; Sun, 5 Oct 2003 09:50:34 +0200 Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id 52962470; Sun, 5 Oct 2003 09:50:28 +0200 (CEST) Date: Sun, 5 Oct 2003 09:50:28 +0200 To: freebsd-security@freebsd.org Message-ID: <20031005075028.GA12353@lupe-christoph.de> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <200310032249.h93MnXS8047857@freefall.freebsd.org> <5.0.2.1.1.20031004022801.03018158@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.0.2.1.1.20031004022801.03018158@popserver.sfu.ca> User-Agent: Mutt/1.5.4i From: lupe@lupe-christoph.de (Lupe Christoph) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2003 07:50:37 -0000 On Saturday, 2003-10-04 at 02:33:31 +0100, Colin Percival wrote: > At 00:06 04/10/2003 +0000, Bjoern A. Zeeb wrote: > >On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: > >> c) Recompile the operating system as described in > >> >http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > >wouldn't it be > >possible to recompile libssl/libcrypto and install only them instead of > >rebuilding the complete base system as suggested > Just to confirm the contents of my earlier email: The only binaries > affected by this in RELENG_4_7 are /usr/lib/lib(ssl|crypto)(.a|.so.2|_p.a) > -- so rebuilding those two libraries (and any statically linked ports > software) should be enough. I see that the advisory is still not linked from the website. Given the hassle involve with building and installing world, wouldn't it be a good isdea to cut down on the installation and advise to rebuild the libraries, possibly any ports statically linking them, and restart either all affected processes or the system? Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |