HEADS UP: new openssl
Aggelos Economopoulos
aoiko at cc.ece.ntua.gr
Sun Nov 8 14:00:29 PST 2009
Our openssl has been updated to version 0.9.8l which works around
CVE-2009-3555 (see for instance http://extendedsubset.com/ or
http://www.securityfocus.com/bid/36935). The vulnerability allows data
injection by man-in-the-middle attackers, so you are advised to upgrade
to the latest version by installing a current world and rebuilding any
binaries that are linked statically against openssl. SSH is not affected.
The new openssl has also been merged into the 2.4 release branch. If you
are running 2.4 or 2.4.1, you can
git clone $mirror
git checkout origin/DragonFly_RELEASE_2_4
make buildworld
make buildkernel
make installkernel
make installworld
make upgrade
and restart all daemons that rely on openssl (you can do that by
rebooting the machine if you are not sure which those are).
Aggelos
More information about the Users
mailing list