Four New Security Advisories Released for NetBSD

Four New Security Advisories Released for NetBSD 18

Posted by michael on Thursday March 27, 2003 @10:33AM from the patches-for-everyone dept.

Dan writes "The NetBSD security team has issued Four NetBSD Security Advisories. (1) Format string vulnerability in zlib gzprintf(): a buffer overflow can result in arbitrary code execution. (2) RSA timing attack in OpenSSL code can enable remote recovery of private keys, from a host with low-latency access to the server - such as the local host, or a host on the LAN. (3) Encryption weakness in OpenSSL code enables an attacker to perform crypto operations using server's private keys. Finally (4), faulty length checks in xdrmem_getbytes (within libc) are susceptible to integer overflows that affect memory allocation in their local buffers."

Four New Security Advisories Released for NetBSD

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 18 Comments Log In/Create an Account

Comments Filter:

why link to freebsdforums? (Score:3, Informative)

by kenfrid ( 244776 ) writes: on Thursday March 27, 2003 @12:12PM (#5607621)

Why link to freebsdforums when you can get the original announcement here [netbsd.org]?

- Re:why link to freebsdforums? (Score:2)
  
  by josepha48 ( 13953 ) writes:
  
  Yeah, and you can get it a day earlier...
  time to update the system again...
  Its times like this that I wish BSD's package management system allowed one to upgrade only part of the system without getting the source or doing an upgrade.... That is one thing I do like about linux's rpm. Its easeier to upgrade IMHO.
  Oh well this way I get the latest build, who knows maybe they'll have wsmoused in it....
  - Re:why link to freebsdforums? (Score:3, Interesting)
    
    by flynn_nrg ( 266463 ) writes:
    
    Some people are already working on that in the -CURRENT tree. It's called syspkg. See the original post here [netbsd.org]
  - Re:why link to freebsdforums? (Score:4, Informative)
    
    by jschauma ( 90259 ) writes: on Thursday March 27, 2003 @05:34PM (#5610391) Homepage
    
    Hmm, while you _do_ have to get the source (as if that was a bad thing!), it's certainly very simple to update only the relevant parts. As the SA states, you do not need to update the entire system but can simply do:
    
    # cd src
    
    # cvs update -d -P -r netbsd-1-6 lib/libz/gzio.c
    
    # cd lib/libz
    
    # make USETOOLS=no cleandir dependall
    
    # make USETOOLS=no install
    
    (Similarly for the other advisories.)
    This is not really very difficult.
    
    - Re:why link to freebsdforums? (Score:1)
      
      by vesamies ( 240247 ) writes:
      
      This very surely is very difficult!
    - Re:why link to freebsdforums? (Score:2)
      
      by josepha48 ( 13953 ) writes:
      
      not an option when you have a system with a small drive...

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Four New Security Advisories Released for NetBSD 18

Four New Security Advisories Released for NetBSD More Login

Four New Security Advisories Released for NetBSD

why link to freebsdforums? (Score:3, Informative)

Re:why link to freebsdforums? (Score:2)

Re:why link to freebsdforums? (Score:3, Interesting)

Re:why link to freebsdforums? (Score:4, Informative)

Re:why link to freebsdforums? (Score:1)

Re:why link to freebsdforums? (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot