[Fwd: Security fix for openssl] What about F&N bsd

From: Brian Josefsen (none@bj--cold.dk.lh.bsd-dk.dk)
Date: Fri 12 Oct 2007 - 15:05:56 CEST


Date: Fri, 12 Oct 2007 15:05:56 +0200
From: Brian Josefsen <none@bj--cold.dk.lh.bsd-dk.dk>
To:  bsd-dk@bsd-dk.dk
Subject: [Fwd: Security fix for openssl] What about F&N bsd


Hi

I just received the attached advisory for OpenBSD, but offhand one would
think the same problem would exist in Free and NetBSD. But I have just
pulled down the src for 6-stable, and there is no new openssl. I thought
that in general people moved in step, so that a fix was only published
once there was a fix or a workaround for all the distributors?
I hope someone can enlighten me a bit.

--
Best regards
Brian Josefsen

attached mail follows:


Date: Fri, 12 Oct 2007 11:39:30 +0200
From: Moritz Jodeit <none@moritz--openbsd.org.lh.bsd-dk.dk>
To: security-announce@openbsd.org
Subject: Security fix for openssl

Summary: The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.

Impact: A client can send a specially prepared list of ciphers to an application using the SSL_get_shared_ciphers() function from the OpenSSL library, potentially resulting in remote code execution.

Fix: A fix has been committed to OpenBSD-current. Patches are available for OpenBSD 4.2, 4.1 and 4.0.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/011_openssl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/017_openssl.patch

Credits: The bug was found and fixed by Moritz Jodeit (moritz@).

Original Advisory: <http://www.securityfocus.com/archive/1/480855/30/0/threaded>


