From owner-freebsd-security@FreeBSD.ORG Sun Jun 14 23:36:36 2015 Return-Path: Delivered-To: freebsd-security@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B0801B00 for ; Sun, 14 Jun 2015 23:36:36 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: from mail-yk0-x230.google.com (mail-yk0-x230.google.com [IPv6:2607:f8b0:4002:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 63F02231 for ; Sun, 14 Jun 2015 23:36:36 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: by ykar6 with SMTP id r6so17800541yka.2 for ; Sun, 14 Jun 2015 16:36:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:to:subject:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=FleD0YnpZAiGzUGrXj+IjCm2w49JH8keAgl3TPlAId0=; b=AlBXgsZbhr/YYeeqO1u9q4gbTDfDL0IUwvUsZFPRRALNEyH9WpowD10Do6SJtd0Dih mkSk4aIo8qj5uKflwiC0bkLjYgbH5k0Fai6PkxtpuD15KhioHChXypCb8PBEshGsns4S 7Yzp0vLhNb6IsyPnynmu6uMOBclB45j4Dc0yC7ED7VSGlZ2RyqtaF+3cGdEskaMMz1lM R8FmMIHEJ5w3JIjg8tVQKhBCVc2mjtSAM6ka2YEVgQ3PqBJgEpx+aUW3iRTyvQRu89XC B3amexiJnr292pj1TTD9UM16lBccpuG3PVwfl90JFDjXK0b3gDc2Dcd4qMnXPXdjvcH6 rpsQ== X-Received: by 10.129.130.196 with SMTP id s187mr30530401ywf.150.1434324995517; Sun, 14 Jun 2015 16:36:35 -0700 (PDT) Received: from clonix.invalid. ([201.82.172.224]) by mx.google.com with ESMTPSA id w6sm4790985ywf.31.2015.06.14.16.36.34 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 14 Jun 2015 16:36:34 -0700 (PDT) Message-ID: <557e1002.0686810a.1490.6642@mx.google.com> X-Google-Original-Message-ID: <20150614233630.GA1333@clonix.invalid.> Received: from clonix.invalid. (localhost [127.0.0.1]) by clonix.invalid. (8.14.9/8.14.9) with ESMTP id t5ENaVB0001551 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 14 Jun 2015 20:36:31 -0300 (BRT) (envelope-from rollingbits@clonix.invalid) Received: (from rollingbits@localhost) by clonix.invalid. (8.14.9/8.14.9/Submit) id t5ENaVnJ001550 for freebsd-security@freebsd.org; Sun, 14 Jun 2015 20:36:31 -0300 (BRT) (envelope-from rollingbits) Date: Sun, 14 Jun 2015 20:36:31 -0300 From: "rollingbits (Lucas)" To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:10.openssl Mail-Followup-To: freebsd-security@freebsd.org References: <201506120743.t5C7hUdu035884@freefall.freebsd.org> <557ce708.2119ec0a.12bc.7872@mx.google.com> <557D911C.8060101@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline In-Reply-To: <557D911C.8060101@FreeBSD.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 23:36:36 -0000 --VbJkn9YxBvnuCH5J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 14, 2015 at 10:35:08AM -0400, Matthew Seaman wrote: > On 13/06/2015 22:28, rollingbits (Lucas) wrote: > > On Fri, Jun 12, 2015 at 07:43:30AM +0000, FreeBSD Security Advisories w= rote: > >> 1) Upgrade your vulnerable system to a supported FreeBSD stable > >> or release / security branch (releng) dated after the correction > >> date. > >=20 > > Do I need rebuild my packages too? >=20 > You need to rebuild and re-install the ports version of OpenSSL, if > you're using it. >=20 > You need to rebuild and re-install anything that is statically > linked against OpenSSL libraries (either ports or base). This is > trickier than it sounds, because you need to either look at the > source code / Makefiles for the software, or use nm(1), objdump(1) > or similar to check for symbols from OpenSSL libraries in your > statically linked binaries. Fortunately, static linking against > OpenSSL is a pretty unusual thing to do. >=20 > Having done the above, you need to restart anything that loads > OpenSSL shared libraries. That tends to be most network-aware > software, so in many cases it might be easier to just reboot. Ok, thank you. --=20 rollingbits -- rollingbits@gmail.com, rollingbits@terra.com.br lucasnm@ig.com.br, rollingbits@yahoo.com, rollingbits@globo.com Get my public GPG key in http://rollingbits.tripod.com/mykey.html --VbJkn9YxBvnuCH5J Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlV+D/EACgkQH56BwuUGQbVwegCgpTt4Y8yHIUpAEHRTDYs0+pUl eYgAoN/1YkFHCE+BIasEWGqRS2CvjI0k =zAIh -----END PGP SIGNATURE----- --VbJkn9YxBvnuCH5J--