matt donovan wrote:
> On Wed, Jan 7, 2009 at 5:49 PM, Matthew Seaman <
> m.sea...@infracaninophile.co.uk> wrote:
>> The oCert advisory at http://ocert.org/advisories/ocert-2008-016.html
>> lists BIND and NTP as affected packages. Don't the base system versions
>> of those apps also need patching?
>
> I was told they don't but I believe they do since it's the code inside of
> ntp and bind don't check the return code correctly from what I can tell for
> the OpenSSL EVP API

Please see: https://www.isc.org/node/373

Unless you are using DNSSEC to verify signatures you're not vulnerable at all.

As usual for non-critical upgrades I will upgrade the ports first so that those that need the new version(s) can easily get to them in a hurry, then upgrade the base(s) over the next day or two.

hth,

Doug

--
This .signature sanitized for your protection