On 08.04.14 15:45, Mike Tancsa wrote:
I am trying to understand the implications of this bug in the
context of a vulnerable client, connecting to a server that does not
have this extension. e.g. a client app linked against 1.xx that's
vulnerable talking to a server that is running
On 4/8/2014 10:09 AM, Merijn Verstraaten wrote:
On Apr 8, 2014, at 15:45 , Mike Tancsa wrote:
Hi,
I am trying to understand the implications of this bug in the context
of a vulnerable client, connecting to a server that does not have this
extension. e.g. a client app linked against
On Apr 8, 2014, at 15:45 , Mike Tancsa wrote:
Hi,
I am trying to understand the implications of this bug in the context
of a vulnerable client, connecting to a server that does not have this
extension. e.g. a client app linked against 1.xx that's vulnerable talking to
a server that
While it may not be quite what you're looking for, ports contains
OpenSSL 1.0.1g.
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
On 4/8/2014 1:42 PM, Chris Nehren wrote:
later, FreeBSD remains unpatched. There are many worried
sysadmins and other users in #freebsd and elsewhere wondering
what's going on and when their systems will be patched. So far
all we have is an unofficial gist on github and some discussion
here
On Tue, 8 Apr 2014 10:46:12 -0700
Mark Boolootian boo...@ucsc.edu wrote:
While it may not be quite what you're looking for, ports contains
OpenSSL 1.0.1g.
And also FreeBSD 8.x/9.x are not affected because they have 0.9.x OpenSSL in base.
___
Someone please correct me if I'm wrong, but I think simply adding
-DOPENSSL_NO_HEARTBEATS to crypto/openssl/Makefile (and recompiling!) is
sufficient to remove the vulnerability from the base system.
-nd.
On 08.04.14 20:05, Nathan Dorfman wrote:
Someone please correct me if I'm wrong, but I think simply adding
-DOPENSSL_NO_HEARTBEATS to crypto/openssl/Makefile (and recompiling!) is
sufficient to remove the vulnerability from the base system.
You forgot to mention installing, but yes.
Unless I misunderstood earlier emails, the heartbeat extension is ALREADY
disabled in base, therefore FreeBSD base isn't vulnerable and the only problem
is people who installed a newer OpenSSL from ports.
Cheers,
Merijn
- Reply message -
From: Nathan Dorfman n...@rtfm.net
To: Mike
On 04/08/14 20:17, Merijn Verstraaten wrote:
Unless I misunderstood earlier emails, the heartbeat extension is ALREADY
disabled in base, therefore FreeBSD base isn't vulnerable and the only problem
is people who installed a newer OpenSSL from ports.
It would be nice, if so@ would send out
Are you sure about that? The only email I saw stated that FreeBSD 8.x
and 9.x weren't vulnerable because they were using an older OpenSSL,
from before the vulnerability was introduced.
FreeBSD 10-STABLE, on the other hand, seems to use the vulnerable
OpenSSL 1.0.1e, and I didn't immediately see
On 8 April 2014 14:45, Nathan Dorfman n...@rtfm.net wrote:
Are you sure about that? The only email I saw stated that FreeBSD 8.x
and 9.x weren't vulnerable because they were using an older OpenSSL,
from before the vulnerability was introduced.
That is correct.
FreeBSD 10-STABLE, on the other
On 8 April 2014 14:53, Ed Maste ema...@freebsd.org wrote:
I see that the fixes were committed a few minutes ago:
Oops, some typos in the revision numbers in my last email (but the
links were fine) -- here are the correct revision numbers:
FreeBSD current: r264265
Plenty of FreeBSD deployments use 1.0.1x due to the lack of TLS 1.2
support in 0.9.x. So that's not an excuse.
On 08.04.2014 19:50, Andrei wrote:
On Tue, 8 Apr 2014 10:46:12 -0700
Mark Boolootian boo...@ucsc.edu wrote:
While it may not be quite what you're looking for, ports contains
OpenSSL
Uh, an excuse for what exactly? You must be talking about installing
1.0.1 from the ports. That was fixed yesterday by updating the version
in ports to 1.0.1g:
http://svnweb.freebsd.org/ports?view=revision&revision=350548
-nd.
On Tue, Apr 8, 2014 at 2:54 PM, Niklaus Schiess nschi...@adversec.com
On 4/8/2014 2:54 PM, Niklaus Schiess wrote:
Plenty of FreeBSD deployments use 1.0.1x due to the lack of TLS 1.2
support in 0.9.x. So that's not an excuse.
The FreeBSD security team only maintains advisories for the base
distributions. What people install from the ports are not covered by
Florent Peterschmitt wrote this message on Tue, Apr 08, 2014 at 20:39 +0200:
On 08/04/2014 19:46, Mark Boolootian wrote:
While it may not be quite what you're looking for, ports contains
OpenSSL 1.0.1g.
Why not moving critical parts of the basesystem to ports, that will be
installed at
08/04/2014 21:44 - Daniel Howard wrote:
Hello,
Per the heartbleed vulnerability, I'm looking at a vulnerable pfsense
firewall appliance:
# /usr/bin/openssl version
OpenSSL 0.9.8y 5 Feb 2013
# /usr/local/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
# ldd /usr/local/sbin/openvpn |
Do we need to fetch them from the Internet?
Local packages can do the job, nope? But it will lead to kind of
bootstrapping… or everything as packages bootstrapped once for all.
And yes, it will not be some pie (a french stock phrase meaning it will
be hard, translated word for word :) ).
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
(Adding Bryan who asked this and Ben who is the maintainer as they
might have some saying here; moving to public list as there is no
sensitive information in this discussion).
On 04/08/14 14:29, Thierry Thomas wrote:
Hello,
I've just rebuilt a
On Tue, Apr 08, 2014 at 15:47:29 -0700, Xin Li wrote:
What would be the preferable way of representing the patchlevel? We
can do it as part of an EN batch at a later time. (Note though, even
without this the user or an application can still use
freebsd-version(1) on FreeBSD 10.0-RELEASE and up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 04/08/14 15:58, Chris Nehren wrote:
On Tue, Apr 08, 2014 at 15:47:29 -0700, Xin Li wrote:
What would be the preferable way of representing the patchlevel?
We can do it as part of an EN batch at a later time. (Note though,
even without this the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:05.nfsserver Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:06.openssl Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:06.openssl Security Advisory
The FreeBSD Project
Topic: