Date: Fri, 10 Dec 1999 18:28:19 -0700
From: Brett Glass <brett@lariat.org>
To: Kris Kennaway <kris@hub.freebsd.org>, spork <spork@super-g.com>
Cc: Todd Backman <todd@flyingcroc.net>, security@FreeBSD.ORG
Subject: Re: Security Advisory: Buffer overflow in RSAREF2 (fwd)
Message-ID: <4.2.0.58.19991210182710.03d98d80@localhost>
In-Reply-To: <Pine.BSF.4.21.9912101650450.35020-100000@hub.freebsd.org>
References: <Pine.BSF.4.00.9912101932300.21197-100000@super-g.inch.com>
Has the RSAREF port for 2.2.8 been updated?

--Brett

At 05:52 PM 12/10/1999, Kris Kennaway wrote:
>On Fri, 10 Dec 1999, spork wrote:
>
> > root@ass[/usr/ports/security/rsaref]# ldd /usr/local/bin/ssh
> > /usr/local/bin/ssh:
> >         libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
> >         libz.so.2 => /usr/lib/libz.so.2 (0x28083000)
> >         librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
> >         libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28099000)
> >         libutil.so.2 => /usr/lib/libutil.so.2 (0x280ae000)
> >         libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)
> >
> > does this mean that simply patching, recompiling, and installing librsaref
> > will fix ssh (for this vuln, not the last)? I'm not a genius with all
> > this shared lib stuff, but I think I'm reading this right...
>
>Yes. None of the librsaref code is included in the ssh binary itself,
>which would be the case if it was linked against the static librsaref.a
>(which you wouldn't see in ldd anyway).
>
>Kris
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
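
Added example, not part of the original thread: the check discussed above (does ldd show the binary resolving librsaref as a shared object, so that replacing the library alone is enough?) written as a small shell script. The function names resolved_lib and linkage_verdict are hypothetical, and the sample input is the ldd listing quoted in the message.

```shell
#!/bin/sh
# Sample ldd output, copied from the listing quoted in the message above.
SAMPLE_LDD='/usr/local/bin/ssh:
        libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28083000)
        librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28099000)
        libutil.so.2 => /usr/lib/libutil.so.2 (0x280ae000)
        libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)'

# resolved_lib NAME (hypothetical helper): read ldd output on stdin and
# print the path that "libNAME.so*" resolves to. Exit status is 1 when
# the library is not among the dynamic dependencies.
resolved_lib() {
    awk -v lib="lib$1.so" '
        $2 == "=>" && index($1, lib) == 1 { print $3; found = 1 }
        END { exit(found ? 0 : 1) }'
}

# linkage_verdict NAME (hypothetical helper): classify ldd output on stdin.
# A library that is listed is loaded at run time, so installing a patched
# copy at that path is sufficient. A library that is not listed is either
# unused or was linked statically from the .a archive, which ldd cannot
# show; in the static case the binary itself has to be relinked.
linkage_verdict() {
    if path=$(resolved_lib "$1"); then
        echo "dynamic: replacing $path updates this binary"
    else
        echo "not listed: lib$1 is unused or statically linked; relink if used"
    fi
}

# With a binary path as $1, inspect it with the real ldd;
# with no argument, run against the sample listing.
if [ -n "${1:-}" ]; then
    ldd "$1"
else
    printf '%s\n' "$SAMPLE_LDD"
fi | linkage_verdict rsaref
```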