old perl vulnerabilitiy
moto kawasaki
moto at kawasaki3.org
Fri Mar 15 14:02:10 UTC 2013
Hi,
Did you try "portaudit -Fda", which downloads the newest portaudit
database.
portaudit downloads it once a couple of days by default, if my memory
is still working.
So, it could be your first node happens to download database today,
but not the other node.
Thank you!
--
moto kawasaki <moto at kawasaki3.org>
From: freebsd at tern.ru
To: freebsd-security at freebsd.org
Subject: old perl vulnerabilitiy
Date:Fri, 15 Mar 2013 17:30:20 +0400
Message-ID: <1472823038.20130315173020 at tern.ru>
freebsd> Hello Freebsd-security,
freebsd>
freebsd> I've got portaudit alarm on perl-5.8.9_7 with regard to
freebsd>
freebsd> perl -- denial of service via algorithmic complexity attack on hashing routines.
freebsd> Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
freebsd>
freebsd> But on the other server I have perl-threaded-5.8.9_7
freebsd> and portaudit thinks that it is OK (no problem)
freebsd>
freebsd> Is it correct?
freebsd> It seems to me that threaded perl also should have the same problem.
freebsd>
freebsd> Please advise.
freebsd>
freebsd> PS. I know that it is old and "unsupported" but I don't want to
freebsd> upgrade without serious reason. And, any way, the "behavior" of
freebsd> portaudit seems to me not correct.
freebsd>
freebsd>
freebsd> With best regards,
freebsd> Alexandre Krasnov.
freebsd>
freebsd>
freebsd> _______________________________________________
freebsd> freebsd-security at freebsd.org mailing list
freebsd> http://lists.freebsd.org/mailman/listinfo/freebsd-security
freebsd> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list