From owner-freebsd-security  Wed Dec 15  9:24:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from roble.com (roble.com [206.40.34.50])
	by hub.freebsd.org (Postfix) with ESMTP id 3345D15523
	for <security@FreeBSD.ORG>; Wed, 15 Dec 1999 09:24:36 -0800 (PST)
	(envelope-from sendmail@roble.com)
Received: from roble2.roble.com (roble2.roble.com [206.40.34.52])
	by roble.com (Roble1b) with SMTP id JAA25333
	for <security@FreeBSD.ORG>; Wed, 15 Dec 1999 09:24:36 -0800 (PST)
Date: Wed, 15 Dec 1999 09:24:34 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Subject: Re: Security Advisory: Buffer overflow in RSAREF2
In-Reply-To: <bulk.27566.19991211131617@hub.freebsd.org>
Message-ID: <Pine.GSO.3.96.991215091819.13345A-100000@roble2.roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

spork <spork@super-g.com> wrote:
> does this mean that simply patching, recompiling, and installing librsaref
> will fix ssh (for this vuln, not the last)? 

You could also edit the ssh/Makefile to change CONFIGURE_ARGS:

	CONFIGURE_ARGS+=
	#CONFIGURE_ARGS+= --with-rsaref

and recompile/reinstall.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message