Date: Fri, 11 Jul 2008 13:14:09 -0700 From: Chuck Swiger <cswiger@mac.com> To: freebsd-security@freebsd.org Cc: Doug Barton <dougb@FreeBSD.org> Subject: OpenSSL warning from dns/bind95 build...? Message-ID: <DEB25E89-7447-4EA0-8800-23897C593756@mac.com>
next in thread | raw e-mail | index | archive | help
Hi, all-- Apropos of this security issue with BIND, I just tried updating a FreeBSD-6.3-STABLE system with dns/bind95, and it loudly complains about the OpenSSL version which comes with the system: > [ ... ] > config.status: creating include/isc/platform.h > config.status: creating config.h > WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING > WARNING WARNING > WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING > WARNING WARNING > WARNING > > WARNING > WARNING Your OpenSSL crypto library may be vulnerable > to WARNING > WARNING one or more of the the following known > security WARNING > WARNING > flaws: WARNING > WARNING > > WARNING > WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 > and WARNING > WARNING > CVE-2006-2940. WARNING > WARNING > > WARNING > WARNING It is recommended that you upgrade to > OpenSSL WARNING > WARNING version 0.9.8d/0.9.7l (or > greater). WARNING > WARNING > > WARNING > WARNING You can disable this warning by > specifying: WARNING > WARNING > > WARNING > WARNING --disable-openssl-version-check > WARNING > WARNING > > WARNING > WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING > WARNING WARNING > WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING > WARNING WARNING > ===> Building for bind95-base-9.5.0.1 Is the version of OpenSSL now included with RELENG_6 (OpenSSL 0.9.7e- p1) OK, or is it at risk as reported? Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DEB25E89-7447-4EA0-8800-23897C593756>