Derrick Lobo wrote:
How do I verify if BIND and ssh have been upgraded after NetBSD Security Advisory 2008-009 and 008. I updated the files from source and completed the build, however the banner for ssh still shows OpenSSH_4.4 NetBSD_Secure_Shell-20061114, OpenSSL 0.9.8e 23 Feb 2007 does it mean that the updates did not go through or do the banner not get updated for an emergency fix. The date on the src files listed in the advisory have been updated.. RegardsDerrick
Hi,You don't state what release you're on at the moment so I'm going to assume netbsd-4. For 2008-009 the version of BIND was actually upgraded. So if you run '/usr/sbin/named -v' it should report back that you're running 'BIND 9.4.2-P1'. If it reports 'BIND 9.4.1-P1' then something is rotten.
2008-008 is a little more tricky as we didn't upgrade the OpenSSL version for that advisory, it was just a patch to the existing sources. Once more only the libcrypto libraries were updated. I'd check if the source files have been updated (specifically crypto/dist/openssl/crypto/bn/bn_mont.c as stated in the advisory) and the date and time stamps have changed on the /usr/lib/libcrypto* files.
adrian.