Date: Tue, 8 Apr 2014 12:42:08 -0700 From: Daniel Howard <dannyman@toldme.com> To: freebsd-security@freebsd.org Subject: OpenSSL on 8.3 (pfsense appliance) Message-ID: <CAKU=tE902JL99A3rUwPL5pN%2B4DLNrVpXFAB640UhTMJYx51LMQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense
firewall appliance:
# /usr/bin/openssl version
OpenSSL 0.9.8y 5 Feb 2013
# /usr/local/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
# ldd /usr/local/sbin/openvpn | grep libssl
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000)
Per Brian Drewery, the port has been fixed, but this appliance does not
have ports installed.
I see an openssl package here:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz
At this moment, the timestamp is January. Can one reasonably expect that
there is a process building updated packages for this branch? Can anyone
advise how long before a new openssl package is published here? Or should
I spin up an 8.3 box to build a package?
Has anyone else here patched a pfsense appliance yet? Last I saw their fix
ETA is Thursday.
Thanks,
-danny
--
http://dannyman.toldme.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKU=tE902JL99A3rUwPL5pN%2B4DLNrVpXFAB640UhTMJYx51LMQ>