| version 1.205, 1999/11/17 15:08:39 |
version 1.206, 1999/12/03 00:34:25 |
|
|
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
| <ul> |
<ul> |
| |
<a name=sslUSA></a> |
| |
<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
| |
A buffer overflow in the RSAREF code included in the |
| |
USA version of the libssl package (called <strong>sslUSA</strong>, is |
| |
possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features |
| |
are enabled or used.<br> |
| |
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
| |
<p> |
| |
To check what package you are using, use |
| |
<pre> |
| |
<b>#</b> pkg_info sslUSA26 |
| |
</pre> |
| |
The patched library says:<br> |
| |
"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA" |
| |
<p> |
| |
Non-commercial USA users who installed the ssl package before December 2 |
| |
should upgrade their <strong>sslUSA26</strong> package using:<br> |
| |
<pre> |
| |
<b>#</b> pkg_delete sslUSA26 |
| |
<b>#</b> pkg_add -v sslUSA26.tar.gz |
| |
</pre> |
| |
Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed |
| |
on the FTP mirrors.<br> |
| |
<a href=advisories/sslUSA>For more information, see the advisory</a>. |
| |
<p> |
| <a name=fortran></a> |
<a name=fortran></a> |
| <li><font color=#009000><strong>FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br> |
<li><font color=#009000><strong>FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br> |
| Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www