Date: Wed, 06 Sep 2006 16:47:43 -0700
From: Colin Percival
To: eol1@yahoo.com
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind
Message-id: <44FF5E1F.2080607@freebsd.org>
In-reply-to: <20060906230642.39757.qmail@web51909.mail.yahoo.com>

Peter Thoenen wrote:
> Just to verify as not mentioned in the security advisory, if you are
> using both the BIND and OPENSSL ports with the REPLACE_BASE directive,
> these don't apply, correct?

I don't know enough of what the ports do to be certain about the answer
to that question, but here are the files in the FreeBSD 6.x base system
which are affected by these security advisories:

/lib/libcrypto.so.4
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/bin/openssl
/usr/lib/libcrypto.a
/usr/lib/libssl.so.4
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named
/usr/sbin/rndc-confgen
/usr/lib/libcrypto_p.a

If the ports replace all of those files, you should be safe (at least
on FreeBSD 6.x -- I can give you a list of files modified on FreeBSD 5.x
and 4.11 once those FreeBSD Update builds finish).

Colin Percival
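
One way to test the condition in the message above ("if the ports replace all of those files"), as an added example that is not part of the original message or of any FreeBSD tool: ask the package database which of the listed files an installed package claims. It assumes the pkg_info(1) tool of that era, that a port overwriting a base file records it in its packing list, and that `pkg_info -W` prints nothing for an unclaimed file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: not from the original message.
# Files the message lists as affected in the FreeBSD 6.x base system.
AFFECTED_FILES="/lib/libcrypto.so.4
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/bin/openssl
/usr/lib/libcrypto.a
/usr/lib/libssl.so.4
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named
/usr/sbin/rndc-confgen
/usr/lib/libcrypto_p.a"

# owner_of FILE: print what the package database reports for FILE.
# Assumption: empty output means no installed package claims the file.
owner_of() {
    pkg_info -W "$1" 2>/dev/null
}

# unclaimed_files: print each affected file that no package claims,
# i.e. a file that is presumably still the base system's copy.
unclaimed_files() {
    for f in $AFFECTED_FILES; do
        if [ -z "$(owner_of "$f")" ]; then
            echo "$f"
        fi
    done
}

# check_replaced: succeed only if every affected file is claimed.
check_replaced() {
    left=$(unclaimed_files)
    if [ -n "$left" ]; then
        echo "not claimed by any installed package:"
        echo "$left"
        return 1
    fi
    echo "all affected files are claimed by installed packages"
}

# Run the check only where pkg_info is available.
if command -v pkg_info >/dev/null 2>&1; then check_replaced || true; fi
```

A file reported here still needs the advisory's fix even when the BIND and OpenSSL ports are installed.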