Re: old perl vulnerabilitiy
Hi,
Did you try "portaudit -Fda", which downloads the newest portaudit
database.
portaudit downloads it once a couple of days by default, if my memory
is still working.
So, it could be your first node happens to download database today,
but not the other node.
Thank you!
--
moto kawasaki <moto@kawasaki3.org>
From: freebsd@tern.ru
To: freebsd-security@freebsd.org
Subject: old perl vulnerabilitiy
Date:Fri, 15 Mar 2013 17:30:20 +0400
Message-ID: <1472823038.20130315173020@tern.ru>
freebsd> Hello Freebsd-security,
freebsd>
freebsd> I've got portaudit alarm on perl-5.8.9_7 with regard to
freebsd>
freebsd> perl -- denial of service via algorithmic complexity attack on hashing routines.
freebsd> Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
freebsd>
freebsd> But on the other server I have perl-threaded-5.8.9_7
freebsd> and portaudit thinks that it is OK (no problem)
freebsd>
freebsd> Is it correct?
freebsd> It seems to me that threaded perl also should have the same problem.
freebsd>
freebsd> Please advise.
freebsd>
freebsd> PS. I know that it is old and "unsupported" but I don't want to
freebsd> upgrade without serious reason. And, any way, the "behavior" of
freebsd> portaudit seems to me not correct.
freebsd>
freebsd>
freebsd> With best regards,
freebsd> Alexandre Krasnov.
freebsd>
freebsd>
freebsd> _______________________________________________
freebsd> freebsd-security@freebsd.org mailing list
freebsd> http://lists.freebsd.org/mailman/listinfo/freebsd-security
freebsd> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 5 之 5 篇):