NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Verifying updates to source



Derrick Lobo wrote:
How do I verify if BIND and ssh have been upgraded after NetBSD Security
Advisory 2008-009 and 008. I updated the files from source and completed the
build, however the banner for ssh still shows OpenSSH_4.4
NetBSD_Secure_Shell-20061114, OpenSSL 0.9.8e 23 Feb 2007 does it mean that
the updates did not go through or do the banner not get updated for an
emergency fix. The date on the src files listed in the advisory have been
updated..


Regards

Derrick



Hi,

You don't state what release you're on at the moment so I'm going to assume netbsd-4. For 2008-009 the version of BIND was actually upgraded. So if you run '/usr/sbin/named -v' it should report back that you're running 'BIND 9.4.2-P1'. If it reports 'BIND 9.4.1-P1' then something is rotten.

2008-008 is a little more tricky as we didn't upgrade the OpenSSL version for that advisory, it was just a patch to the existing sources. Once more only the libcrypto libraries were updated. I'd check if the source files have been updated (specifically crypto/dist/openssl/crypto/bn/bn_mont.c as stated in the advisory) and the date and time stamps have changed on the /usr/lib/libcrypto* files.

adrian.


Home | Main Index | Thread Index | Old Index