Date: Wed, 09 Apr 2014 22:43:09 +0200 From: Per olof Ljungmark <peo@intersonic.se> To: Mike Tancsa <mike@sentex.net>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED] Message-ID: <5345B0DD.8060807@intersonic.se> In-Reply-To: <53459C19.8030000@sentex.net> References: <201404090106.s3916VRm035425@freefall.freebsd.org> <5345955D.5080209@intersonic.se> <53459C19.8030000@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2014-04-09 21:14, Mike Tancsa wrote: > On 4/9/2014 2:45 PM, Per olof Ljungmark wrote: >> Can someone please shed a little light why this advisory says STABLE/9 >> is affected, but >> https://heartbleed.com/ >> says it is not? > > There are 2 different issues [CVE-2014-0160] and [CVE-2014-0076] in the > FreeBSD advisory. > > "OpenSSL multiple vulnerabilities" > ^^^^^^^^ > > The one that impacts 8 and 9 is > > A local attacker might be able to snoop a signing process and might recover > the signing key from it. [CVE-2014-0076] Yes, thanks, I was too quick there - out of nervousness I suppose. //per
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5345B0DD.8060807>