From owner-freebsd-security Wed Dec 15 10:16:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id E5E2A155A0 for ; Wed, 15 Dec 1999 10:16:05 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA77183; Wed, 15 Dec 1999 11:16:03 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA62258; Wed, 15 Dec 1999 11:16:03 -0700 (MST) Message-Id: <199912151816.LAA62258@harmony.village.org> To: Chris Johnson Subject: Re: CERT released RSAREF bulletin Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Wed, 15 Dec 1999 05:01:49 EST." <19991215050149.A3602@palomine.net> References: <19991215050149.A3602@palomine.net> <4.2.2.19991214112940.01c3d5b8@mail.myable.com> Date: Wed, 15 Dec 1999 11:16:03 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <19991215050149.A3602@palomine.net> Chris Johnson writes: : Of these, I'm using OpenSSH, openssl, and pipsecd. It seems to me that all of : these link rsaref dynamically, and that therefore I should need only to rebuild : rsaref to ensure my safety. Can someone say definitively whether this is the : case? And if so, why do I keep seeing these messages telling me I need to : rebuild anything that depends on the rsaref port? Also, was the fix that was : applied to the ssh port also applied to the OpenSSH port? I listed all the ports that used the rsaref port as ones to rebuild. It is the only way to be sure, even though not all ports that use it are vulnerable. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message