LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
NetBSD: Multiple Addendums to recent advisories Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
NetBSD Here are three mailings from the NetBSD announce list that discuss various gotchas with the recent advisories.

On Thu, Feb 19, 2004 at 08:36:46AM -0500, NetBSD Security-Officer wrote:


>> * NetBSD 1.6, 1.6.1:
>>


[...]
 

>> 		# cd lib/libcrypto
>> 		# make cleandir dependall
>> 		# make install
>> 		# cd ../../lib/libssl
>> 		# make cleandir dependall
>> 		# make install
>>


Build fails if there is no toolchain installed.

Commands

	make USETOOLS=no cleandir dependall
	make USETOOLS=no install

works better.

Or is there reason that NetBSD's toolchain should be used?

I think same applies also:


>> * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:


Thanks,

-- Ossi Herrala, OH8HUB PGP key ID: 0x78CD0337 Fingerprint: D343 F9C4 C739 DFFF F619 6170 8D28 8189 78CD 0337 

-=-=-=-=-=-=-=-=-=-=-=-=-

>> I followed the instructions in 'NetBSD Security Advisory 2004-002' and 
>> this is what I got when rebuilding my kernel:
>>
>> /usr/src/sys/arch/i386/compile/FOOBAR/../../../../netinet/ip_input.c:1808: 
>> warning: implicit declaration of function `rt_timer_queue_remove_all'
>> *** Error code 1


You need to also update sys/net/route.c and sys/net/route.h,
apparently.  These belong together, as seen in doc/CHANGES-1.6.2:

sys/net/route.h                                 1.32
sys/net/route.c                                 1.55
sys/netinet/ip_input.c                          1.163 (via patch)

        Remove all entries in rt timer queue on ip_mtudisc change, instead
        of destroying the queue.
        [itojun, ticket #984]

Yes, it appears that the security advisory is not complete as it
stands right now.

Regards,

- HÃ¥vard

-=-=-=-=-=-=-=-=-=-=-=-=-=-
-----BEGIN PGP SIGNED MESSAGE-----


NetBSD Security-Officer recently published 4 Security Advisories.

We have received a number of notes from people that the PGP signatures
on these were bad. This has been corrected, and re-signed copies
published at:
 
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc 
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc 
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc 
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc

As always, these locations will contain the most up-to-date versions
of the Advisories, if any other changes are required as new
information comes to hand.

The problem has been traced to an error in committing the signed text
into CVS. Normally, this is done so that the original CVS revision
tags are retained after signing, but on this occasion that step was
unfortunately omitted. The Security Advisories recently mailed out had
CVS revisions updated for the commit of the signed content, breaking
the signature.

We apologise for this error, and thank all those who pointed out the
problem.

- --
NetBSD Security-Officer



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iQCVAwUBQDU+Hj5Ru2/4N2IFAQEKZwQAho4sv1ErIbnZTNBo0aPOcAonvH0DY+ec
euP9ptQtdkyoA3pOc+LLfF6QEtLZ4Im+0mp/Q1Ew4mbBa49frRSHHOCDnshw1Has
PkY4f3/LzjVWjB2nFv4njDwbgCbfvrF7IeD+lzFUrnqAzHAu5uw4hpRd9P4KmQdH
ceapPKFYARg=
=Uivf
-----END PGP SIGNATURE-----

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.