On Mon, Jan 20, 2014 at 3:27 PM, Moshe Katz <[email protected]> wrote:
> 2014-01-14 > FreeBSD-SA-14:03.openssl<http://security.FreeBSD.org/advisories/FreeBSD-SA-14:03.openssl.asc> >> > > pfSense 2.1 release is running OpenSSL 0.9.8y (at least on my machine), > which is not reported <http://www.openssl.org/news/vulnerabilities.html>to be > vulnerable. > Pfsense 2.1 actually has that and the newer version: /usr/bin/openssl is OpenSSL 0.9.8y 5 Feb 2013 /usr/local/bin/openssl is OpenSSL 1.0.1e 11 Feb 2013 All the pfSense specific stuff (such as lighttpd) is linked against 1.0.1. The base system utilities (notably sshd) is against the base system openssl. So yes, it is affected by this advisory. It is a historical artifact that the default PATH has the older openssl before the newer one, and that is unlikely to change based on my interactions with the support team.
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
