看板 FB_security 關於我們 聯絡資訊
發信人delphij@delphij.net (Xin Li),
看板FB_security
標 題Re: http://heartbleed.com/
發信站The FreeBSD Project (Tue Apr 8 03:29:18 2014)
轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 4/7/14, 7:27 PM, Mike Tancsa wrote: > On 4/7/2014 5:02 PM, Xin Li wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 >> >> Hi, Thomas, >> >> On 04/07/14 13:49, Thomas Steen Rasmussen wrote: >>> Hello, >>> >>> http://heartbleed.com/ describes an openssl vulnerability >>> published today. We are going to need an advisory for the >>> openssl in base in FreeBSD 10 and we are also going to need an >>> updated port. >>> >>> The implications of this vulnerability are pretty massive, >>> certificates will need to be replaced and so on. I don't want >>> to repeat the page, so go read that. >> >> We are already working on this but building, reviewing, etc. >> would take some time. >> > > Hi, The webpage lists > > FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c) > > I take it this is only if you installed from the ports no ? That's correct. OpenSSL shipped with the base system in these two releases are not vulnerable because they don't support the extension. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTQ179AAoJEJW2GBstM+nsIa4P/RAXDidWzc01T2ghX4uNFtod C2Wd2k2B6i24LcV3PPub6dQjRI9sMxh9Q/7bIqXctThJ41U9s44P7Zvf6T7Xh/LY YM4FBAFKNiMC+WZsS78pGW6pYIULml66El7sb/G6DNOzjezWlD3MwnPo2S0nibQJ BDJ0pU3BH0A2rvyDWmF7aAveJtEuFPCCovytadStHiFZk3nKMwdN0ariLVq8JFlU s5uqf0rWRXuYIIJ2/Fv9XxUHWi0RrvyXojfdPVNIhEppmdswCzxyb+PLOBbWuZZp 9ma/ELuo8VJmmsP2A0zX2PriejfFtTR7vXP8V3VwP8RvS2YRFH44Bmyllxn2eYYI HbemABH2A5rCiMbEu32AGX7i1HikWScwKNIEJbK35BEIb9g3UGRFuxeRw9J6mTyd 44hMRO1YeyHv/nuSQ+g+d+nzB1dBYSq7YbG5UAPs0v+5fbnoPTU/28olKx1br83H BZdO+y8VUppNnRWL2wvnsbd1M8/nGABNBD9tco9ftlN0jUpFtSXkPEt20JWwZS/l HiD328EnTJKgB5nllizsCDIgaTDUYMeH6Bf8QJ54t+Cfu6sS1YYCv2/ycu5tKfqv yRU6ypV82kye/fRBkFj4JwCOXcPozm+9uPAG9bk1355w+EyKmMrba79BvwtQ+uUj PXJpfmZifPnNDBTXrg2d =FDDO -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"