version 1.205, 1999/11/17 15:08:39 |
version 1.206, 1999/12/03 00:34:25 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
|
<a name=sslUSA></a> |
|
<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
|
A buffer overflow in the RSAREF code included in the |
|
USA version of the libssl package (called <strong>sslUSA</strong>, is |
|
possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features |
|
are enabled or used.<br> |
|
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
|
<p> |
|
To check what package you are using, use |
|
<pre> |
|
<b>#</b> pkg_info sslUSA26 |
|
</pre> |
|
The patched library says:<br> |
|
"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" |
|
<p> |
|
Non-commercial USA users who installed the ssl package before December 2 |
|
should upgrade their <strong>sslUSA26</strong> package using:<br> |
|
<pre> |
|
<b>#</b> pkg_delete sslUSA26 |
|
<b>#</b> pkg_add -v sslUSA26.tar.gz |
|
</pre> |
|
Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed |
|
on the FTP mirrors.<br> |
|
<a href=advisories/sslUSA>For more information, see the advisory</a>. |
|
<p> |
<a name=fortran></a> |
<a name=fortran></a> |
<li><font color=#009000><strong>FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br> |
<li><font color=#009000><strong>FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br> |
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |