On 26 Apr 2014, at 11:55, Joe Parsons <[email protected]> wrote: > I was slow to patch my multiple vms after that heartbleed disclosure. I just > managed to upgrade these systems to 9.2, and installed the patched openssl,
FreeBSD 9.x was never vulnerable to Heartbleed, as you can read in the security advisory (FreeBSD-SA-14:06.openssl). This is because it still has OpenSSL 0.9.8, and the feature that contains the Heartbleed problem was only implemented after OpenSSL 1.0. That said, the advisory also contained another OpenSSL security problem, CVE-2014-0076, but that was apparently found less earth-shattering than Heartbleed. So it is still a good idea to patch up your server(s) and check for irregularities. -Dimitry
signature.asc
Description: Message signed with OpenPGP using GPGMail
