search for: secadv_20030930

We have OpenSSH built against a static version of the OpenSSL library. Do the recent OpenSSL vulnerabilities necessitate a rebuild of OpenSSH? http://www.openssl.org/news/secadv_20030930.txt >From the description of the four bugs, I'm inclined to think not. -- albert chin (china at thewrittenword.com)

Hello Everyone, You may have seen the recent announcement regarding new OpenSSL vulnerabilities. <URL: http://www.openssl.org/news/secadv_20030930.txt > Just thought I'd drop a line to head off the usual questions. :-) Don't panic. The vulnerability is denial-of-service. OpenSSL 0.9.7c will be imported into -CURRENT and -STABLE over the next couple of days, and included in 4.9-RELEASE. Fixes for the security branches w...

...anic. Fixes for this issue are in -CURRENT and -STABLE. The security branches will be addressed during the rest of the day. <URL: http://www.pine.nl/press/pine-cert-20030902.txt > FreeBSD-SA-03:18.openssl The issue reported at <URL: http://www.openssl.org/news/secadv_20030930.txt > affects the version of OpenSSL included with previous versions of FreeBSD. The impact is limited to denial-of-service. Because of the relative severity of the above issues, this openssl issue will likely not be completely dealt with until tomorrow or even Saturda...

...1.1.1.1.2.2.8.3 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.4 src/sys/conf/newvers.sh 1.44.2.23.2.43 - ------------------------------------------------------------------------- VII. References <URL: http://www.openssl.org/news/secadv_20030930.txt > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD4DB...

...1.1.1.1.2.2.8.3 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.4 src/sys/conf/newvers.sh 1.44.2.23.2.43 - ------------------------------------------------------------------------- VII. References <URL: http://www.openssl.org/news/secadv_20030930.txt > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD4DB...