Four New Security Advisories Released for NetBSD 18
Dan writes "The NetBSD security team has issued Four NetBSD Security Advisories. (1) Format string vulnerability in zlib gzprintf(): a buffer overflow can result in arbitrary code execution. (2) RSA timing attack in OpenSSL code can enable remote recovery of private keys, from a host with low-latency access to the server - such as the local host, or a host on the LAN. (3) Encryption weakness in OpenSSL code enables an attacker to perform crypto operations using server's private keys. Finally (4), faulty length checks in xdrmem_getbytes (within libc) are susceptible to integer overflows that affect memory allocation in their local buffers."
why link to freebsdforums? (Score:3, Informative)
Re:why link to freebsdforums? (Score:2)
time to update the system again...
Its times like this that I wish BSD's package management system allowed one to upgrade only part of the system without getting the source or doing an upgrade.... That is one thing I do like about linux's rpm. Its easeier to upgrade IMHO.
Oh well this way I get the latest build, who knows maybe they'll have wsmoused in it....
Re:why link to freebsdforums? (Score:3, Interesting)
Re:why link to freebsdforums? (Score:4, Informative)
# cd src
# cvs update -d -P -r netbsd-1-6 lib/libz/gzio.c
# cd lib/libz
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
(Similarly for the other advisories.)
This is not really very difficult.
Re:why link to freebsdforums? (Score:1)
Re:why link to freebsdforums? (Score:2)