FreeBSD Security Advisory FreeBSD-SA-09:02.openssl
Doug Barton
dougb at FreeBSD.org
Thu Jan 8 07:47:57 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
matt donovan wrote:
> On Wed, Jan 7, 2009 at 5:49 PM, Matthew Seaman <
> m.seaman at infracaninophile.co.uk> wrote:
>> The oCert advisory at http://ocert.org/advisories/ocert-2008-016.html
>> lists BIND and NTP as affected packages. Don't the base system versions
>> of those apps also need patching?
> I was told they don't but I believe they do since it's the code inside of
> ntp and bind don't check the return code correctly from what I can tell for
> the OpenSSL EVP API
Please see: https://www.isc.org/node/373
Unless you are using DNSSEC to verify signatures you're not vulnerable
at all.
As usual for non-critical upgrades I will upgrade the ports first so
that those that need the new version(s) can easily get to them in a
hurry, then upgrade the base(s) over the next day or two.
hth,
Doug
- --
This .signature sanitized for your protection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEAREDAAYFAkllqWoACgkQyIakK9Wy8PsIgACg1+vOtfCdZcw2Wirybm4lLpWD
VUEAnisZEkFBM4I3+8YmLp97Y/z/i8OG
=Uelm
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list