Date: Wed, 15 Dec 1999 05:01:49 -0500 From: Chris Johnson <cjohnson@palomine.net> To: freebsd-security@freebsd.org Subject: Re: CERT released RSAREF bulletin Message-ID: <19991215050149.A3602@palomine.net> In-Reply-To: <4.2.2.19991214112940.01c3d5b8@mail.myable.com>; from Marc Bejarano on Tue, Dec 14, 1999 at 11:39:23AM -0800 References: <4.2.2.19991214112940.01c3d5b8@mail.myable.com>
next in thread | previous in thread | raw e-mail | index | archive | help
According to the CERT bulletin:
FreeBSD 3.3R and prior releases contain packages with this problem.
This problem was corrected December 2, 1999 in the ports tree.
Packages built after this date with the rsaref updated should be
unaffected by this vulnerabilities. Some or all of the following ports
may be affected should be rebuilt:
p5-Penguin, p5-Penguin-Easy, jp-pgp, ja-w3m-ssl, ko-pgp, pgpsendmail,
pine4-ssl, premail, ParMetis, SSLtelnet, mpich, pipsecd, tund,
nntpcache, p5-Gateway, p5-News-Article, ru-pgp, bjorb, keynote,
OpenSSH, openssl, p5-PGP, p5-PGP-Sign, pgp, slush, ssh,
sslproxy, stunnel, apache+mod_ssl, apache+ssl, lynx-ssl,
w3m-ssl, zope
Of these, I'm using OpenSSH, openssl, and pipsecd. It seems to me that all of
these link rsaref dynamically, and that therefore I should need only to rebuild
rsaref to ensure my safety. Can someone say definitively whether this is the
case? And if so, why do I keep seeing these messages telling me I need to
rebuild anything that depends on the rsaref port? Also, was the fix that was
applied to the ssh port also applied to the OpenSSH port?
Chris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991215050149.A3602>