FreeBSD Security Advisory FreeBSD-SA-06:20.bind
Colin Percival
cperciva at freebsd.org
Wed Sep 6 16:48:23 PDT 2006
Peter Thoenen wrote:
> Just to verify as not mentioned in the security advisory, if you are
> using both the BIND and OPENSSL ports with the REPLACE_BASE directive,
> these don't apply correct?
I don't know enough of what the ports do to be certain about the answer
to that question, but here are the files in the FreeBSD 6.x base system
which are affected by these security advisories:
/lib/libcrypto.so.4
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/bin/openssl
/usr/lib/libcrypto.a
/usr/lib/libssl.so.4
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named
/usr/sbin/rndc-confgen
/usr/lib/libcrypto_p.a
If the ports replace all of those files, you should be safe (at least
on FreeBSD 6.x -- I can give you a list of files modified on FreeBSD
5.x and 4.11 once those FreeBSD Update builds finish).
Colin Percival
More information about the freebsd-security
mailing list