headers
comfooc | 21 Apr 2008 23:17
Picon

openssl speed part 2

Hello, I've updated system to the NetBSD-current (with opencrypto improvement).
I didn't notice significant performance improvement as a matter of
fact OpenSSL with perl is still two times better than one without. So
ssh transfer rates are still low.

Cheers...

With  perl:

OpenSSL 0.9.8g 19 Oct 2007
built on: Wed Apr  9 19:09:48 CEST 2008
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread
-D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O2 -mmmx -msse
-mtune=pentium3 -march=pentium3 -pipe -O2 -DL_ENDIAN -DTERMIOS -O3
-fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS
-DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                434.55k      938.39k     1322.92k     1474.75k     1525.56k
mdc2                 0.00         0.00         0.00         0.00         0.00
md4               2936.95k    10678.82k    33880.37k    73907.26k   112942.80k
md5               2446.63k     8884.57k    27089.53k    54867.74k    77392.82k
hmac(md5)         4300.14k    14269.69k    37790.81k    64430.43k    78934.13k
sha1              2330.37k     7787.09k    20313.70k    33964.94k    42288.17k
rmd160            2176.58k     6816.74k    16250.08k    24889.27k    29489.08k
rc4              54190.07k    59411.69k    64501.92k    65627.58k    65356.25k
(Continue reading)

Permalink | Reply | 0 comments |
headers
NetBSD Security-Officer | 22 Apr 2008 00:30
Picon

NetBSD Security Advisory 2008-004: bzip2(1) Multiple issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2008-004
		 =================================

Topic:		bzip2(1) Multiple issues

Version:	NetBSD-current:		affected
		NetBSD 4.0:		affected
		NetBSD 3.1.*:		affected
		NetBSD 3.1:		affected
		NetBSD 3.0:		affected
		NetBSD 3.0.*:		affected

Severity:	Denial of Service and Race Condition

Fixed:		NetBSD-current:		March 18, 2008
		NetBSD-4 branch:	March 24, 2008
			(4.1 will include the fix)
		NetBSD-4-0 branch:	March 24, 2008
			(4.0.1 will include the fix)
		NetBSD-3-1 branch:	March 26, 2008
			(3.1.2 will include the fix)
		NetBSD-3-0 branch:	March 26, 2008
			(3.0.4 will include the fix)
		NetBSD-3 branch:	March 26, 2008
			(3.2 will include the fix)
		pkgsrc:			bzip2-1.0.5 corrects the issue
(Continue reading)

Permalink | Reply | 0 comments |
headers
NetBSD Security-Officer | 22 Apr 2008 00:30
Picon

NetBSD Security Advisory 2008-005: OpenSSH Multiple issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2008-005
		 =================================

Topic:		OpenSSH Multiple issues

Version:	NetBSD-current:		affected
		NetBSD 4.0:		affected
		NetBSD 3.1.*:		affected
		NetBSD 3.1:		affected
		NetBSD 3.0:		affected
		NetBSD 3.0.*:		affected

Severity:	ForceCommand bypass and X11 session hijacking

Fixed:		NetBSD-current:		April 05, 2008
		NetBSD-4 branch:	April 07, 2008
			(4.1 will include the fix)
		NetBSD-4-0 branch:	April 07, 2008
			(4.0.1 will include the fix)
		NetBSD-3-1 branch:	April 08, 2008
			(3.1.2 will include the fix)
		NetBSD-3-0 branch:	April 08, 2008
			(3.0.4 will include the fix)
		NetBSD-3 branch:	April 08, 2008
			(3.2 will include the fix)
		pkgsrc:			openssh-4.7.1nb3 corrects the issue
(Continue reading)

Permalink | Reply | 0 comments |
headers
NetBSD Security-Officer | 22 Apr 2008 00:31
Picon

NetBSD Security Advisory 2008-006: Integer overflow in strfmon(3) function


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2008-006
		 =================================

Topic:		Integer overflow in strfmon(3) function

Version:	NetBSD-current:		affected
		NetBSD 4.0:		affected
		NetBSD 3.1.*:		unaffected
		NetBSD 3.1:		unaffected
		NetBSD 3.0:		unaffected
		NetBSD 3.0.*:		unaffected

Severity:	Local user may be able to execute arbitrary code

Fixed:		NetBSD-current:		March 18, 2008
		NetBSD-4 branch:	March 19, 2008
			(4.1 will include the fix)
		NetBSD-4-0 branch:	March 19, 2008
			(4.0.1 will include the fix)

Abstract
========

The strfmon() function contains multiple integer overflows which can be
exploited by a local attacker to cause a crash or potentially execute
arbitrary code.
(Continue reading)

Permalink | Reply | 0 comments |
headers
史斌 | 28 Apr 2008 11:23
Picon

about the NetBSD-SA2008-003

As the announcement on 
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-003.txt.asc and
http://www.netbsd.org/support/security/patches-3.1.1.html

1. This security problem affected NetBSD-3.1 release and did not affect
   NetBSD-3.1.1 release.

2. NetBSD-3.1.2 which will be released in the future contains
   the fixed.

3. It can be fixed by fixing sys/netinet6/ipcomp_input.c

   However, I found the source file sys/netinet6/ipcomp_input.c in
NetBSD-3.1.1 release is same to the file in the NetBSD-3.1 release, 
and is different from the file in the source tree of NetBSD-3-1 branch.

   Does it mean that the file in NetBSD-3.1 is not fixed and the 
file in the source tree of NetBSD-3-1 branch is fixed?

   If it is true, why NetBSD-3.1 release is affected but NetBSD-3.1.1
release is not?

   Thank you.
Permalink | Reply | 1 comment |
headers
Adrian Portelli | 28 Apr 2008 13:46
Picon

Re: about the NetBSD-SA2008-003

史斌 wrote:
> As the announcement on 
> ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-003.txt.asc and
> http://www.netbsd.org/support/security/patches-3.1.1.html
> 
> 1. This security problem affected NetBSD-3.1 release and did not affect
>    NetBSD-3.1.1 release.
> 
> 2. NetBSD-3.1.2 which will be released in the future contains
>    the fixed.
> 
> 3. It can be fixed by fixing sys/netinet6/ipcomp_input.c
> 
>    However, I found the source file sys/netinet6/ipcomp_input.c in
> NetBSD-3.1.1 release is same to the file in the NetBSD-3.1 release, 
> and is different from the file in the source tree of NetBSD-3-1 branch.
> 
>    Does it mean that the file in NetBSD-3.1 is not fixed and the 
> file in the source tree of NetBSD-3-1 branch is fixed?
> 
>    If it is true, why NetBSD-3.1 release is affected but NetBSD-3.1.1
> release is not?
> 
>    Thank you.

Hi,

This is a problem with the advisory.  In the 'Version' section it should 
  also state that the NetBSD 3.1.* releases are affected.  I'll update 
this later today and re-issue the advisory.
(Continue reading)

Permalink | Reply | 0 comments |

Gmane