OpenSSL warning from dns/bind95 build...?
Simon L. Nielsen
simon at FreeBSD.org
Sun Jul 13 22:39:35 UTC 2008

On 2008.07.11 13:14:09 -0700, Chuck Swiger wrote:
[quote edited to contain important part]
>> WARNING         Your OpenSSL crypto library may be vulnerable to
>> WARNING         one or more of the the following known security
>> WARNING         flaws:
>> WARNING
>> WARNING         CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and
>> WARNING         CVE-2006-2940.
>> WARNING
[...]
> Is the version of OpenSSL now included with RELENG_6 (OpenSSL 0.9.7e-p1)
> OK, or is it at risk as reported?
Just so there is no doubt - the base system OpenSSL isn't actually
vulnerable to those issues.  They were fixed in SA-02:33.openssl,
FreeBSD-SA-06:19.openssl, and FreeBSD-SA-06:23.openssl.
The BIND build system just has no way to see this since they were
patched instead of upgraded.
--
Simon L. Nielsen
Hats: Base system OpenSSL janitor and FreeBSD Security Team
    
    