From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 16:45:00 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C24A116A4CE for ; Wed, 17 Mar 2004 16:45:00 -0800 (PST) Received: from web14811.mail.yahoo.com (web14811.mail.yahoo.com [66.163.172.95]) by mx1.FreeBSD.org (Postfix) with SMTP id B631C43D1F for ; Wed, 17 Mar 2004 16:45:00 -0800 (PST) (envelope-from rosti_bsd@yahoo.com) Message-ID: <20040318004500.39746.qmail@web14811.mail.yahoo.com> Received: from [192.117.108.59] by web14811.mail.yahoo.com via HTTP; Wed, 17 Mar 2004 16:45:00 PST Date: Wed, 17 Mar 2004 16:45:00 -0800 (PST) From: Rostislav Krasny To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: FreeBSD-SA-04:05.openssl question X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2004 00:45:00 -0000 Hello there. The FreeBSD-SA-04:05.openssl Security Advisory announced a "null-pointer assignment during SSL handshake" DoS vulnerability. However, the OpenSSH Security Advisory of 17 March 2004 announced the same vulnerability with one more vulnerability. Look at http://www.openssl.org/news/secadv_20040317.txt Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects Kerberos ciphersuites" security problem? Thanks __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com