Re: What is affected by FreeBSD-SA-07:08.openssl ?
On Thu, Oct 04, 2007 at 10:32:20AM -0400, Duane Winner wrote:
> Alexandre Biancalana wrote:
> > Hi list,
> >
> > A quick:
> >
> > $ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
> > /usr/src/crypto/openssl/apps/s_client.c
> > /usr/src/crypto/openssl/apps/s_server.c
> > /usr/src/crypto/openssl/doc/ssleay.txt
> > /usr/src/crypto/openssl/doc/ssl/ssl.pod
> > /usr/src/crypto/openssl/ssl/ssl.h
> > /usr/src/crypto/openssl/ssl/ssl_lib.c
> > /usr/src/crypto/openssl/util/ssleay.num
> > /usr/src/secure/lib/libssl/man/ssl.3
> >
> > Doesn't reveal much about what is affected by this bug. Has someone made
> > some deeper analysis about what is affected ?
>
> Related question:
>
> Would any ports which may have been built based on openssl libraries
> (apache, stunnel, etc.) need to be rebuilt after this openssl patch?

I would think it would be sufficient just to restart any such ports,
rather than completely rebuild them, to ensure that the updated version
of the OpenSSL libs is loaded, and not the old broken ones. However, it
can't do any harm to rebuild, if you're that worried about it.

I'm sure someone will put me right if that's not the case, though.

Dan

--
Daniel Bye
Re: What is affected by FreeBSD-SA-07:08.openssl ?
Alexandre Biancalana wrote:
> $ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
> /usr/src/crypto/openssl/apps/s_client.c
> /usr/src/crypto/openssl/apps/s_server.c
> /usr/src/crypto/openssl/doc/ssleay.txt
> /usr/src/crypto/openssl/doc/ssl/ssl.pod
> /usr/src/crypto/openssl/ssl/ssl.h
> /usr/src/crypto/openssl/ssl/ssl_lib.c
> /usr/src/crypto/openssl/util/ssleay.num
> /usr/src/secure/lib/libssl/man/ssl.3
>
> Doesn't reveal much about what is affected by this bug. Has someone made
> some deeper analysis about what is affected ?

It doesn't look like anything in the base system uses this function, but
I just zgrepped my /usr/ports/distfiles and found that mysql uses this if
it is compiled with DBUG_OFF not defined. Assuming that you keep all of
your ports distfiles, you can run

$ zgrep -R SSL_get_shared_ciphers /usr/ports/distfiles

and any applications which use said function will probably show up.

But as for a deep analysis -- not that I'm aware of. We fixed this because
there might be an application which used this function in a way which made
this buffer overflow exploitable, not because we knew that such an
application existed.

Colin Percival
FreeBSD Security Officer
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
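
Added example, not part of the original thread or of FreeBSD's tooling: the restart-versus-rebuild question and the search for users of SSL_get_shared_ciphers raised in this thread can be checked per binary from its symbol table. A binary that only imports the symbol picks up the patched shared libssl when it is restarted; one that carries its own definition (static linking or a bundled OpenSSL) has to be rebuilt. The function names and sample nm listings below are constructed for illustration, and an nm that supports -D is assumed.

```shell
#!/bin/sh
# Added example: classify how a binary relates to SSL_get_shared_ciphers,
# based on nm-style symbol listings.

SYM=SSL_get_shared_ciphers

# Read symbol-table lines on stdin and print one of:
#   dynamic  - undefined import (type U), resolved from shared libssl at load time
#   embedded - the binary defines the symbol itself (its own copy of the code)
#   none     - the symbol does not appear in the listing
classify_ssl_use() {
    awk -v sym="$SYM" '
        NF < 2 { next }                 # skip blank or malformed lines
        {
            name = $NF; type = $(NF - 1)
            sub(/@.*/, "", name)        # drop a symbol-version suffix, if any
            if (name != sym) next
            if (type == "U") dyn = 1
            else if (type ~ /^[TtWw]$/) emb = 1
        }
        END { print (emb ? "embedded" : (dyn ? "dynamic" : "none")) }'
}

# Classify real files: dynamic symbols first, then the regular symbol table.
scan_paths() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" \
            "$({ nm -D "$f"; nm "$f"; } 2>/dev/null | classify_ssl_use)"
    done
}

# Constructed nm output for three hypothetical binaries.
sample_dynamic() {
    printf '%s\n' '                 U SSL_CTX_new' \
                  '                 U SSL_get_shared_ciphers'
}
sample_embedded() {
    printf '%s\n' '0000000000041a20 T SSL_get_shared_ciphers' \
                  '0000000000041b80 T SSL_new'
}
sample_none() {
    printf '%s\n' '                 U SSL_CTX_new' \
                  '                 U SSL_read'
}

for s in dynamic embedded none; do
    printf 'sample_%s -> %s\n' "$s" "$("sample_$s" | classify_ssl_use)"
done
```

A result of "none" is not proof of absence: a stripped, statically linked binary has no symbol table left to inspect.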
Re: What is affected by FreeBSD-SA-07:08.openssl ?
Alexandre Biancalana wrote:
> Hi list,
>
> A quick:
>
> $ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
> /usr/src/crypto/openssl/apps/s_client.c
> /usr/src/crypto/openssl/apps/s_server.c
> /usr/src/crypto/openssl/doc/ssleay.txt
> /usr/src/crypto/openssl/doc/ssl/ssl.pod
> /usr/src/crypto/openssl/ssl/ssl.h
> /usr/src/crypto/openssl/ssl/ssl_lib.c
> /usr/src/crypto/openssl/util/ssleay.num
> /usr/src/secure/lib/libssl/man/ssl.3
>
> Doesn't reveal much about what is affected by this bug. Has someone made
> some deeper analysis about what is affected ?

Related question:

Would any ports which may have been built based on openssl libraries
(apache, stunnel, etc.) need to be rebuilt after this openssl patch?

-DW

>
> Best Regards,
>
> Alexandre Biancalana
Re: What is affected by FreeBSD-SA-07:08.openssl ?
On Thursday 04 October 2007 15:53:28, Alexandre Biancalana wrote:
>
> Doesn't reveal much about what is affected by this bug. Has someone made
> some deeper analysis about what is affected ?

Apache (i.e. mod_ssl) is affected by this. That's what makes the patch
important.

--
Heiko Wundram
Product & Application Development
What is affected by FreeBSD-SA-07:08.openssl ?
Hi list,

A quick:

$ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
/usr/src/crypto/openssl/apps/s_client.c
/usr/src/crypto/openssl/apps/s_server.c
/usr/src/crypto/openssl/doc/ssleay.txt
/usr/src/crypto/openssl/doc/ssl/ssl.pod
/usr/src/crypto/openssl/ssl/ssl.h
/usr/src/crypto/openssl/ssl/ssl_lib.c
/usr/src/crypto/openssl/util/ssleay.num
/usr/src/secure/lib/libssl/man/ssl.3

Doesn't reveal much about what is affected by this bug. Has someone made
some deeper analysis about what is affected ?

Best Regards,

Alexandre Biancalana