[olug] OpenSSL .97c on FreeBSD
Sean Kelly
smkelly at zombie.org
Fri Oct 3 19:05:20 UTC 2003
On Thu, Oct 02, 2003 at 04:36:59PM -0500, neal rauhauser wrote:
> I see that the ports version of OpenSSL is updated to .97c but the
> vulnerable .97a continues to appear in /usr/src.
>
> I have a real horror of patching up the .97a stuff with a port - I
> really prefer everything in the base system to work. Anyone got a fix
> for this? Am I just missing something obvious?

This was sent to freebsd-security@ yesterday:

FreeBSD-SA-03:18.openssl
The issue reported at
<URL: http://www.openssl.org/news/secadv_20030930.txt >
affects the version of OpenSSL included with previous versions
of FreeBSD. The impact is limited to denial-of-service. Because
of the relative severity of the above issues, this openssl issue
will likely not be completely dealt with until tomorrow or even
Saturday. The official fixed version, OpenSSL 0.9.7c, was
imported into -CURRENT yesterday, and will be MFC'd to -STABLE
today, but it will be a bit longer to backport fixes for the
security branches.

AFAIK, it is not announced yet. I just checked, and it has been MFC'd to
RELENG_4. If you are running RELENG_4, just cvsup and do the normal
buildworld/installworld. It doesn't look like it is in the security
branches yet (i.e. RELENG_4_8, RELENG_4_7).

Hope that helps.

--
Sean Kelly | PGP KeyID: D2E5E296
smkelly at zombie.org | http://www.zombie.org