OpenSSL warning from dns/bind95 build...?
Chuck Swiger
cswiger at mac.com
Fri Jul 11 20:29:16 UTC 2008
Hi, all--
Apropos of this security issue with BIND, I just tried updating a
FreeBSD-6.3-STABLE system with dns/bind95, and it loudly complains
about the OpenSSL version which comes with the system:
> [ ... ]
> config.status: creating include/isc/platform.h
> config.status: creating config.h
> WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
> WARNING WARNING
> WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
> WARNING WARNING
> WARNING
>
> WARNING
> WARNING Your OpenSSL crypto library may be vulnerable
> to WARNING
> WARNING one or more of the the following known
> security WARNING
> WARNING
> flaws: WARNING
> WARNING
>
> WARNING
> WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937
> and WARNING
> WARNING
> CVE-2006-2940. WARNING
> WARNING
>
> WARNING
> WARNING It is recommended that you upgrade to
> OpenSSL WARNING
> WARNING version 0.9.8d/0.9.7l (or
> greater). WARNING
> WARNING
>
> WARNING
> WARNING You can disable this warning by
> specifying: WARNING
> WARNING
>
> WARNING
> WARNING --disable-openssl-version-check
> WARNING
> WARNING
>
> WARNING
> WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
> WARNING WARNING
> WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
> WARNING WARNING
> ===> Building for bind95-base-9.5.0.1
Is the version of OpenSSL now included with RELENG_6 (OpenSSL 0.9.7e-
p1) OK, or is it at risk as reported?
Regards,
--
-Chuck
More information about the freebsd-security
mailing list