Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Apr 2014 22:21:53 +0200
From:      Carlo Strub <cs@FreeBSD.org>
To:        dannyman@toldme.com
Cc:        freebsd-security@freebsd.org
Subject:   Re: OpenSSL on 8.3 (pfsense appliance)
Message-ID:  <1396988513.858894.14605605.113546.2@c-st.net>
In-Reply-To: <CAKU=tE902JL99A3rUwPL5pN%2B4DLNrVpXFAB640UhTMJYx51LMQ@mail.gmail.com>
References:  <CAKU=tE902JL99A3rUwPL5pN%2B4DLNrVpXFAB640UhTMJYx51LMQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

08/04/2014 21:44 - Daniel Howard wrote:

> Hello,
> 
> Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense
> firewall appliance:
> 
> # /usr/bin/openssl version
> OpenSSL 0.9.8y 5 Feb 2013
> # /usr/local/bin/openssl version
> OpenSSL 1.0.1e 11 Feb 2013
> # ldd /usr/local/sbin/openvpn | grep libssl
>         libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000)
> 
> Per Brian Drewery, the port has been fixed, but this appliance does not
> have ports installed.
> 
> I see an openssl package here:
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz
> 
> At this moment, the timestamp is January.  Can one reasonably expect that
> there is a process building updated packages for this branch?  Can anyone
> advise how long before a new openssl package is published here?  Or should
> I spin up an 8.3 box to build a package?
> 
> Has anyone else here patched a pfsense appliance yet?  Last I saw their fix
> ETA is Thursday.
> 
> 
> Thanks,
> -danny
> 
> -- 
> http://dannyman.toldme.com
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 



For pfsense, you should definitely ask this question in the pfsense forum (http://forum.pfsense.org/). Pfsense is essentially a fork of FreeBSD and they have their own type of package system. They just released version 2.1.1 a few days ago, but I doubt it includes the latest patches of openssl.



--
Carlo Strub
Ports committer

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1396988513.858894.14605605.113546.2>