HEADS UP: new openssl

Aggelos Economopoulos aoiko at cc.ece.ntua.gr
Sun Nov 8 14:00:29 PST 2009


Our openssl has been updated to version 0.9.8l which works around
CVE-2009-3555 (see for instance http://extendedsubset.com/ or
http://www.securityfocus.com/bid/36935). The vulnerability allows data
injection by man-in-the-middle attackers, so you are advised to upgrade
to the latest version by installing a current world and rebuilding any
binaries that are linked statically against openssl. SSH is not affected.

The new openssl has also been merged into the 2.4 release branch. If you
are running 2.4 or 2.4.1, you can

git clone $mirror
git checkout origin/DragonFly_RELEASE_2_4
make buildworld
make buildkernel
make installkernel
make installworld
make upgrade

and restart all daemons that rely on openssl (you can do that by
rebooting the machine if you are not sure which those are).

Aggelos






More information about the Users mailing list