Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

Tue, 08 Apr 2014 13:23:37 -0700 

On Apr 8, 2014, at 12:34 PM, Paul Heinlein <[email protected]> wrote:

> On Tue, 8 Apr 2014, [email protected] wrote:
> 
>> This might not be enough as there are two versions of openssl installed… One 
>> in /usr/bin/openssl and one in /usr/local/bin/openssl
>> 
>> Both should be ok.
> 
> Not on 2.1:
> 
> [2.1-RELEASE]/root(9): /usr/local/bin/openssl version
> OpenSSL 1.0.1e 11 Feb 2013
> 
> Worse, that's the version used by OpenVPN and lighttpd:

Your use of “worse” here merely pours gasoline on an already burning fire.

> [2.1-RELEASE]/root(8): ldd /usr/local/sbin/openvpn
> /usr/local/sbin/openvpn:
>       libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000)
>       libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80094f000)
> 
> [2.1-RELEASE]/root(14): ldd /usr/local/sbin/lighttpd
> /usr/local/sbin/lighttpd:
>       libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007d3000)
>       libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800939000)

The situation is no different with pfSense version 2.1.1, even though the ports 
version of openssl is 1.0.1f.  (1.0.1g is required to be clear of the 
Heartbleed issue.)

[2.1.1-RELEASE][[email protected]]/root(3): /usr/local/bin/openssl 
version
OpenSSL 1.0.1f 6 Jan 2014
[2.1.1-RELEASE][[email protected]]/root(4): /usr/bin/openssl version
OpenSSL 0.9.8y 5 Feb 2013
[2.1.1-RELEASE][[email protected]]/root(5): 

[2.1.1-RELEASE][[email protected]]/root(15): ldd /usr/local/sbin/openvpn
/usr/local/sbin/openvpn:
        liblzo2.so.2 => /usr/local/lib/liblzo2.so.2 (0x8006ca000)
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80094f000)
        libc.so.7 => /lib/libc.so.7 (0x800c22000)
        libthr.so.3 => /lib/libthr.so.3 (0x800e4f000)
[2.1.1-RELEASE][[email protected]]/root(22): ldd /usr/local/sbin/lighttpd
/usr/local/sbin/lighttpd:
        libpcre.so.3 => /usr/local/lib/libpcre.so.3 (0x800670000)
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007d3000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800939000)
        libthr.so.3 => /lib/libthr.so.3 (0x800c0c000)
        libc.so.7 => /lib/libc.so.7 (0x800d25000)

As previously mentioned, we’re working on a new release.

jim

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

Reply via email to