Date: Fri, 10 Dec 1999 19:36:07 -0500 (EST)
From: spork <spork@super-g.com>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Todd Backman <todd@flyingcroc.net>, security@freebsd.org
Subject: Re: Security Advisory: Buffer overflow in RSAREF2 (fwd)
Message-ID: <Pine.BSF.4.00.9912101932300.21197-100000@super-g.inch.com>
In-Reply-To: <Pine.BSF.4.21.9912021536050.6925-100000@hub.freebsd.org>
Can someone clarify this for me? If ldd shows output like so:
root@ass[/usr/ports/security/rsaref]# ldd /usr/local/bin/ssh
/usr/local/bin/ssh:
libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
libz.so.2 => /usr/lib/libz.so.2 (0x28083000)
librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28099000)
libutil.so.2 => /usr/lib/libutil.so.2 (0x280ae000)
libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)
does this mean that simply patching, recompiling, and installing librsaref
will fix ssh (for this vuln, not the last)? I'm not a genius with all
this shared lib stuff, but I think I'm reading this right...
Thanks,
charles
On Thu, 2 Dec 1999, Kris Kennaway wrote:
> On Thu, 2 Dec 1999, Kris Kennaway wrote:
>
> > It's been patched: re-cvsup your ports and rebuild rsaref, followed by
> > anything which depends on it (i.e. which statically links to librsaref.a
> > - but easier and safer to just do all of the dependencies).
>
> I forgot to mention the easy way to get this list:
>
> cat /var/db/pkg/rsaref-2.0/+REQUIRED_BY
>
> before you rebuild.
>
> Kris
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
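The following is an added example, not part of the original messages: it reads ldd output and reports whether a program loads librsaref as a shared library at run time (so it uses whichever copy is installed when it starts) or does not list it (so, for a package named in +REQUIRED_BY, the copy from librsaref.a is inside the binary). The function names and the second sample are made up for illustration, and it assumes the patched library is installed under the same librsaref.so.N name.

```shell
#!/bin/sh
# Added example (not from the thread): decide from ldd output whether a
# program resolves librsaref at run time or needs a rebuild.

# linkage_of LIB: read `ldd` output on stdin and print one of
#   "dynamic <path>"  LIB.so.N is loaded at run time from <path>
#   "not-dynamic"     other shared libraries are listed, LIB is not
#   "static-binary"   ldd listed no shared libraries at all
linkage_of() {
    awk -v lib="$1" '
        BEGIN { prefix = lib ".so." }
        $2 == "=>" {
            nlibs++
            if (index($1, prefix) == 1) { found = 1; path = $3 }
        }
        END {
            if (found)      print "dynamic " path
            else if (nlibs) print "not-dynamic"
            else            print "static-binary"
        }'
}

# advice_for RESULT: map a linkage_of result to an action. Anything that is
# not "dynamic" is treated as a librsaref.a consumer and rebuilt.
advice_for() {
    case "$1" in
        dynamic*) echo "install patched librsaref, restart the program" ;;
        *)        echo "rebuild the port against patched librsaref" ;;
    esac
}

# check_binaries FILE...: run the real ldd on each file (assumes ldd exists).
check_binaries() {
    for bin in "$@"; do
        result=$(ldd "$bin" 2>/dev/null | linkage_of librsaref)
        printf '%s: %s -> %s\n' "$bin" "$result" "$(advice_for "$result")"
    done
}

# Sample input: lines from the ssh listing quoted in the message above.
sample_dynamic() {
    cat <<'EOF'
/usr/local/bin/ssh:
    libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
    librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
    libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)
EOF
}

# Constructed sample: a hypothetical dependent that does not list librsaref.
sample_other() {
    printf '%s\n' '/usr/local/bin/example:' '    libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)'
}
```

A process that was already running when the library was replaced, such as a long-lived daemon, keeps the old copy mapped until it is restarted.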
