08/04/2014 21:44 - Daniel Howard wrote: > Hello, > > Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense > firewall appliance: > > # /usr/bin/openssl version > OpenSSL 0.9.8y 5 Feb 2013 > # /usr/local/bin/openssl version > OpenSSL 1.0.1e 11 Feb 2013 > # ldd /usr/local/sbin/openvpn | grep libssl > libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000) > > Per Brian Drewery, the port has been fixed, but this appliance does not > have ports installed. > > I see an openssl package here: > ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz > > At this moment, the timestamp is January. Can one reasonably expect that > there is a process building updated packages for this branch? Can anyone > advise how long before a new openssl package is published here? Or should > I spin up an 8.3 box to build a package? > > Has anyone else here patched a pfsense appliance yet? Last I saw their fix > ETA is Thursday. > > > Thanks, > -danny > > -- > http://dannyman.toldme.com > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > For pfsense, you should definitely ask this question in the pfsense forum (http://forum.pfsense.org/). Pfsense is essentially a fork of FreeBSD and they have their own type of package system. They just released version 2.1.1 a few days ago, but I doubt it includes the latest patches of openssl. -- Carlo Strub Ports committer _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"