On 2015/10/16 18:34, Артур Истомин wrote:
> On Thu, Oct 15, 2015 at 08:29:25PM -0400, Ted Unangst wrote:
> > The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
> > and memory leak, as reported by Qualys Security. This can be abused by an
> > attacker to cause a denial of service in some cases.
> > 
> > Patches are now available for OpenBSD as well as new releases of LibreSSL
> > portable. 5.6, 5.7, and 5.8 are affected, as well as all releases of 
> > LibreSSL.
> > 
> > Note that in addition to the instructions to rebuild libcrypto in the patch,
> > some binaries may link statically with libcrypto (isakmpd, iked, ...) and need
> > rebuilding as well. And services restarted.
> 
> Ted, exactly which binaries need to be rebuilt? isakmpd, iked, ftp(?),
> something else?

exactly those three. (ftp is now dynamically linked in -current,
but it was static in release, so yes it does need rebuilding there).
