From owner-freebsd-security@FreeBSD.ORG Sun Jun 14 14:35:40 2015 Return-Path: Delivered-To: freebsd-security@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 10150556 for ; Sun, 14 Jun 2015 14:35:40 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A768D7C9 for ; Sun, 14 Jun 2015 14:35:39 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local ([199.119.128.114]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.1/8.15.1) with ESMTPSA id t5EEZVxw057057 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 14 Jun 2015 15:35:33 +0100 (BST) (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t5EEZVxw057057 Authentication-Results: smtp.infracaninophile.co.uk/t5EEZVxw057057; dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host [199.119.128.114] claimed to be liminal.local Message-ID: <557D911C.8060101@FreeBSD.org> Date: Sun, 14 Jun 2015 10:35:08 -0400 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:10.openssl References: <201506120743.t5C7hUdu035884@freefall.freebsd.org> <557ce708.2119ec0a.12bc.7872@mx.google.com> In-Reply-To: <557ce708.2119ec0a.12bc.7872@mx.google.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="m34R7us1Njelx4bRBJPNUuu1Dwfbw68Dx" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Sun, 14 Jun 2015 14:56:30 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 14:35:40 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --m34R7us1Njelx4bRBJPNUuu1Dwfbw68Dx Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 13/06/2015 22:28, rollingbits (Lucas) wrote: > On Fri, Jun 12, 2015 at 07:43:30AM +0000, FreeBSD Security Advisories w= rote: >> 1) Upgrade your vulnerable system to a supported FreeBSD stable or >> release / security branch (releng) dated after the correction date. >=20 > Do I need rebuild my packages too? You need to rebuild and re-install the ports version of OpenSSL, if you're using it. You need to rebuild and re-install anything that is statically linked against OpenSSL libraries (either ports or base). This is trickier than it sounds, because you need to either look at the source code / Makefiles for the software, or use nm(1), objdump(1) or similar to check for symbols from OpenSSL libraries in your statically linked binaries. Fortunately, static linking against OpenSSL is a pretty unusual thing to = do. Having done the above, you need to restart anything that loads OpenSSL shared libraries. That tends to be most network-aware software, so in many cases it might be easier to just reboot. Cheers, Matthew --m34R7us1Njelx4bRBJPNUuu1Dwfbw68Dx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iQJ8BAEBCgBmBQJVfZEjXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATKd4QAJfjYyMBH+td3I+SIJCzQjQY 8eUZZ2b6mqwyjTkPXDs+qZFgWrctg05XY8TKGVJDx/crOdZmDyQL37875QKb7Ge2 M3z/ZW49qHwGYnQmFj6yfpQRuPGyP2kKW/lHb8vu85ijs2zoDuGGebVIzBfyfJVR nevuG3zqZC28KPwAMXkTA7pLnI41wW2qeK8fDgwSUyM/SDbdfwaQISAwMucdfNh5 7GEmmpslz33EUStAvSlbN8vUJSzyYKOUqidk+oIKLtBKPM2rE+llS3LNH9iIZR2p bfchvqfjRnZfRqqJRAzUC5A2LElOe4dI6yE/hoFu/+uk27OmmSI3VNwIF20s6KDU o7x2xwPoThoxNKMAKxxxW/Tfz/wVMHEoASLajtRylJSgLqJ/96JyPXwARAxMz4gM z/2/MVgPesVlpTbEagoxKYaZ5ThtC7ncOaIKCuKiPZzIJIV5/YFHA9neEp7HcKuL gKLolYY0LrHIL+uPKdsWIiV/zYwSdlaKCGxzx92InU2i9VJQSQTzmAR3wOasDLBg tIgtDKJ+aba7PRmX6szTulZI6e1/Ln36xutH8Cg+U2U4zcF2g2PT7qZqyaJ8JRPy KIv1hIdqsshT8lUEOLIjNr53q/jecOr60mx2T8O/PcLsjziHgqjEZu7/Dee/qO4d gTnU9ukf5ri14FRaJv3R =Ixx+ -----END PGP SIGNATURE----- --m34R7us1Njelx4bRBJPNUuu1Dwfbw68Dx--