NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

can't update OpenSSL



i'm trying to patch my system for the "NetBSD Security Advisory
2015-006: OpenSSL and SSLv3 vulnerabilities" but unable to update
OpenSSL.  I have NetBSD v6.1.5 sparc64 port and i thought i could just
execute "cd /usr/pkgsrc && cvs update -dP" and then "cd
/usr/pkgsrc/security/openssl && make update" but when i do that i get
this output:
# make update
===> Checking for vulnerabilities in openssl-1.0.1i
Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see
https://www.openssl.org/news/secadv_20141015.txt
Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see
http://www.openssl.org/news/secadv_20150108.txt
Package openssl-1.0.1i has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
Package openssl-1.0.1i has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see
https://www.openssl.org/news/secadv_20150319.txt
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in
pkg_install.conf(5) if this package is absolutely essential.
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/security/openssl
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/security/openssl
#

so it seems like there's no update available yet because in the security
advisory it says the latest version is 1.0.1k.  current version
installed on the system is "OpenSSL 1.0.1i 6 Aug 2014" too.



Home | Main Index | Thread Index | Old Index