Date: Wed, 06 Sep 2006 16:47:43 -0700 From: Colin Percival <cperciva@freebsd.org> To: eol1@yahoo.com Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind Message-ID: <44FF5E1F.2080607@freebsd.org> In-Reply-To: <20060906230642.39757.qmail@web51909.mail.yahoo.com> References: <20060906230642.39757.qmail@web51909.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Thoenen wrote: > Just to verify as not mentioned in the security advisory, if you are > using both the BIND and OPENSSL ports with the REPLACE_BASE directive, > these don't apply correct? I don't know enough of what the ports do to be certain about the answer to that question, but here are the files in the FreeBSD 6.x base system which are affected by these security advisories: /lib/libcrypto.so.4 /usr/bin/dig /usr/bin/host /usr/bin/nslookup /usr/bin/nsupdate /usr/bin/openssl /usr/lib/libcrypto.a /usr/lib/libssl.so.4 /usr/sbin/dnssec-keygen /usr/sbin/dnssec-signzone /usr/sbin/lwresd /usr/sbin/named-checkconf /usr/sbin/named-checkzone /usr/sbin/named /usr/sbin/rndc-confgen /usr/lib/libcrypto_p.a If the ports replace all of those files, you should be safe (at least on FreeBSD 6.x -- I can give you a list of files modified on FreeBSD 5.x and 4.11 once those FreeBSD Update builds finish). Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44FF5E1F.2080607>