From owner-freebsd-security@FreeBSD.ORG Wed Apr 9 22:16:31 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 77DD9E11 for ; Wed, 9 Apr 2014 22:16:31 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5E6801A4D for ; Wed, 9 Apr 2014 22:16:31 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [69.198.165.132]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 2DE841396B; Wed, 9 Apr 2014 15:16:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1397081789; bh=LlJBeSq8nmEQLUQHGIrvdb3pDGcij0Ybb12fgXuG6cc=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=lBawHO8k0cIUfqbQkG44DZeBITcqx30shpTRFPAcT7Jdo+u19e7DBxaFKkNnXzpx5 Ei90us5AueNbde8CHg/wh0LAYVoohRTtlcyGKohkBA0N42aR9OCx6IQ/sFsUB21q4z IDrCX3ynlPGAeNEPMGyI5IqfT3moVKTfl+yZepmk= Message-ID: <5345C699.8050909@delphij.net> Date: Wed, 09 Apr 2014 15:15:53 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: "Ronald F. Guilmette" , freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl References: <39145.1397081511@server1.tristatelogic.com> In-Reply-To: <39145.1397081511@server1.tristatelogic.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2014 22:16:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/09/14 15:11, Ronald F. Guilmette wrote: > > In message <20140409084809.GA2661@lena.kiev>, Lena@lena.kiev.ua > wrote: > >> Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on >> the openssl port. You need to upgrade the security/openssl port >> to openssl-1.0.1_10 and restart sendmail. > > I am running 9.1-RELEASE and Apache _without_ any support for > https. > > I am however also running Postfix as my mail server. > > Am I affected? If no security/openssl installed -- you are not. If security/openssl is installed and is older than 1.0.1_10, and postfix is configured to use SSL/TLS, and linked against the port OpenSSL (if they are built after OpenSSL port is installed, consider this as a "Yes", confirm with ldd /usr/local/libexec/postfix/smtpd and see if there is /usr/local/lib/libcrypto.so.8), then you are affected. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTRcaZAAoJEJW2GBstM+nsPGAP+gJeyMYNKpZznlotKdh1Mxp3 nMYSDToOMZU09qURjL93ox94CP5dGpMtl9phYhOdmjyux+7d5GvlbuWgi2ZZnI7L YDWaQObTdsDLOQ1Szhm+drf+p7eYZ3Bs1fFBD0unUW9yI1kAtk3L4ry6+jgjIJnd ZEMfK2R+fNA/L6srKdIBYUt8rLcitUGHgqT1yN1ULckVv2os86FIGfd41BQiFBMR +4yc4m5TkrF/9FsWfR9+b2LwgqkuGzQdIgSmDNaLz0Owt3YMaApc0TpryZEhNDjW f94RzxKqyzHtr7OI2EQd+5d0CyzZAOch7b/NshOwTQGFkQU8u6AUld0nUyubGWWG fIUMOB7unDe04BKk5Ic8O+U57v9NOqastjekzzjDgEOqIYk/2W3lvnFuEbJnfTyI yvBcagDjTMWZKeSjWZne1ZcShc+pu3IP00b+SXj8DbLWSb49aKpcm/wTeI80OrLM l1k7nqufQZEGqqQslsZq/YpMw1p2wlCDEGL7culk+qnN1JebFjUn2kWrkBnPwF86 hcQ0oZdy0WPkQkb6s+hra4wEU2wx6/NtUwmjdji3FHEMBCzNUXvwkgVJMuToTmzG QrmmMthXge//aPPxWNC5slz/7558kewi9BmSRIT5pYIqArMe59ZgTxAcm614HSaG KjmrsuxwQ4codXgbthfe =z2Rc -----END PGP SIGNATURE-----