Subject: Re: Security Issues
To: None <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 08/01/2002 08:02:57
In message <20020801081449.30DB54B22@coconut.itojun.org>, firstname.lastname@example.org wri
>>I've seen last days three security advisories from FreeBSD (problems with
>>OpenSSL, pppd and rpc) but none from NetBSD. Is NetBSD unaffected by these
>>three bugs ?
> yes for all, and advisories are under preparation.
It would be a good idea, I think, to try to get out very early warning
notices in such cases. The NetBSD community should know of possible
vulnerabilities that appear to apply, even before fixes are ready.
That way, people can turn off services, block ports, etc., as
necessary. (As an example -- I just saw a pointer to
(though I know nothing more about it). From a quick 'find' on my
system, updated yesterday to 1-6beta6, I don't *think* NetBSD is
currently affected -- but I needed to know about that in order to do
A more complete advisory, when the fix is ready (or found not to be
needed) is still necessary, of course.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)