From: Arthur Chance
Date: Tue, 08 Apr 2014 15:23:35 +0100
To: Matthias Petermann, freebsd-questions@freebsd.org
Subject: Re: OpenSSL TLS Heartbeat Security Issue

On 08/04/2014 12:44, Matthias Petermann wrote:
> Hello,
>
> anyone able to comment on the impact of:
>
> http://heartbleed.com/
>
> to recent versions of FreeBSD?

There's a thread on freebsd-security@ starting at

http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007404.html

TL;DR: 8.4 & 9.2 not affected *unless* the port version has been installed, and the latest port (1.0.1_10) has the fix. 10.0-REL is vulnerable, security advisory pending.