From owner-freebsd-security@FreeBSD.ORG Mon Jul 26 12:25:09 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 011951065670 for ; Mon, 26 Jul 2010 12:25:09 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from fallbackmx10.syd.optusnet.com.au (fallbackmx10.syd.optusnet.com.au [211.29.132.251]) by mx1.freebsd.org (Postfix) with ESMTP id 863998FC15 for ; Mon, 26 Jul 2010 12:25:08 +0000 (UTC) Received: from mail35.syd.optusnet.com.au (mail35.syd.optusnet.com.au [211.29.133.51]) by fallbackmx10.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id o6QAJq0c012763 for ; Mon, 26 Jul 2010 20:19:52 +1000 Received: from server.vk2pj.dyndns.org (c211-30-160-13.belrs4.nsw.optusnet.com.au [211.30.160.13]) by mail35.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id o6QAJn8o024203 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jul 2010 20:19:50 +1000 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.4/8.14.4) with ESMTP id o6QAJkCF009686; Mon, 26 Jul 2010 20:19:46 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.4/8.14.4/Submit) id o6QAJk2m009685; Mon, 26 Jul 2010 20:19:46 +1000 (EST) (envelope-from peter) Date: Mon, 26 Jul 2010 20:19:46 +1000 From: Peter Jeremy To: ajtiM Message-ID: <20100726101946.GA8918@server.vk2pj.dyndns.org> References: <201007251306.30579.lumiwa@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bp/iNruPH9dso1Pn" Content-Disposition: inline In-Reply-To: <201007251306.30579.lumiwa@gmail.com> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-security@freebsd.org Subject: Re: portaudit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2010 12:25:09 -0000 --bp/iNruPH9dso1Pn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2010-Jul-25 13:06:30 -0500, ajtiM wrote: >Hi! > portaudit -a shows: > >Affected package: mDNSResponder-214 >Type of problem: mDNSResponder -- corrupted stack crash when parsing bad= =20 >resolv.conf. >Reference:=20 > =2E.. >3 problem(s) in your installed packages found. > >You are advised to update or deinstall the affected package(s) immediately. > >Do I need to deinstall those ports or is safe anyway? For maximum safety, you should update or uninstall the specified packages. Alternatively, you could follow the reference links and determine whether the particular vulnerabilities apply to your particular situation. This obviously requires a greater level of skill and reviewing if the situation changes. --=20 Peter Jeremy --bp/iNruPH9dso1Pn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (FreeBSD) iEYEARECAAYFAkxNYUIACgkQ/opHv/APuIfBhQCgwerFiIySRoWmoo/5xme7AG8r TTkAn1znQ6Miwz67TzbBR1ZWLYcwy0QB =K8Vx -----END PGP SIGNATURE----- --bp/iNruPH9dso1Pn--