Date:      Wed, 07 Jan 2009 23:21:14 -0800
From:      Doug Barton <dougb@FreeBSD.org>
To:        matt donovan <kitchetech@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-09:02.openssl
Message-ID:  <4965A96A.4020604@FreeBSD.org>
In-Reply-To: <28283d910901071730if218355pdde2752cccc79b44@mail.gmail.com>
References:  <200901072137.n07LbHwD049781@freefall.freebsd.org>	<49653163.4070904@infracaninophile.co.uk> <28283d910901071730if218355pdde2752cccc79b44@mail.gmail.com>


matt donovan wrote:
> On Wed, Jan 7, 2009 at 5:49 PM, Matthew Seaman <
> m.seaman@infracaninophile.co.uk> wrote:
>> The oCert advisory at http://ocert.org/advisories/ocert-2008-016.html
>> lists BIND and NTP as affected packages.  Don't the base system versions
>> of those apps also need patching?
> I was told they don't, but I believe they do, since the code inside of
> ntp and bind doesn't check the return code correctly, from what I can tell,
> for the OpenSSL EVP API

Please see: https://www.isc.org/node/373

Unless you are using DNSSEC to verify signatures you're not vulnerable
at all.

As usual for non-critical upgrades I will upgrade the ports first so
that those that need the new version(s) can easily get to them in a
hurry, then upgrade the base(s) over the next day or two.

hth,

Doug

- --

    This .signature sanitized for your protection



