From owner-freebsd-security Fri Mar 21 1:43:37 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4647437B401 for ; Fri, 21 Mar 2003 01:43:35 -0800 (PST) Received: from smtpzilla3.xs4all.nl (smtpzilla3.xs4all.nl [194.109.127.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id A325943F85 for ; Fri, 21 Mar 2003 01:43:33 -0800 (PST) (envelope-from rosc@imc.nl) Received: from imc.nl ([212.123.215.10]) by smtpzilla3.xs4all.nl (8.12.0/8.12.0) with ESMTP id h2L9hVNj027714 for ; Fri, 21 Mar 2003 10:43:32 +0100 (CET) Message-ID: <3E7ADFAE.3000509@imc.nl> Date: Fri, 21 Mar 2003 10:47:26 +0100 From: Roelf Schreurs User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Patch for OpenSSL and freebsd 4.4 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi I was wondering if there will be a patch release for the 2 new OpenSSl vulnerabilities found this week? "Researchers have discovered a timing attack on RSA keys to which OpenSSL is vulnerable." "Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0." -- Roelf To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message