Date: Thu, 10 Apr 2014 09:24:53 +0800
From: Ke-li Dong <dong.keli@gmail.com>
To: freebsd-security@freebsd.org
Subject: Re: freebsd-security Digest, Vol 482, Issue 3
Message-ID: <CAE17K-x%2B3NMmRsNX9FPnGoQUkDpq5R9dtLC7g2X5tHhw8H5BhA@mail.gmail.com>
In-Reply-To: <mailman.91.1397044802.82446.freebsd-security@freebsd.org>
References: <mailman.91.1397044802.82446.freebsd-security@freebsd.org>

help

2014-04-09 20:00 GMT+08:00 <freebsd-security-request@freebsd.org>:

> Send freebsd-security mailing list submissions to
>         freebsd-security@freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
>         freebsd-security-request@freebsd.org
>
> You can reach the person managing the list at
>         freebsd-security-owner@freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
>    1. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
>       (Anton Shterenlikht)
>    2. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
>       (Lena@lena.kiev.ua)
>    3. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
>       (Anton Shterenlikht)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Apr 2014 09:21:22 +0100 (BST)
> From: Anton Shterenlikht <mexas@bris.ac.uk>
> To: freebsd-security@freebsd.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID:
>         <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk>
>
> >From owner-freebsd-security-notifications@freebsd.org Wed Apr 9 00:37:34 2014
> >
> >IV. Workaround
> >
> >No workaround is available, but systems that do not use OpenSSL to implement
> >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> >protocols implementation and do not use the ECDSA implementation from OpenSSL
> >are not vulnerable.
>
> Please help me find out if my systems are vulnerable.
>
> I use authenticated sendmail with security/cyrus-sasl2:
>
> # grep SENDMAIL /etc/make.conf
> SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS+= -L/usr/local/lib
> SENDMAIL_LDADD+= -lsasl2
> #
>
> I also use ssh-keygen(1).
>
> Am I affected?
>
> Is it possible to list a few sample base OS
> programs or libraries which are affected?
>
> Apologies if I completely misunderstood the advisory.
>
> Thanks
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 Apr 2014 11:48:09 +0300
> From: Lena@lena.kiev.ua
> To: Anton Shterenlikht <mexas@bris.ac.uk>
> Cc: freebsd-security@freebsd.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID: <20140409084809.GA2661@lena.kiev>
> Content-Type: text/plain; charset=us-ascii
>
> > >systems that do not use OpenSSL to implement
> > >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> > >protocols implementation and do not use the ECDSA implementation from OpenSSL
> > >are not vulnerable.
> >
> > Please help me find out if my systems are vulnerable.
> >
> > I use authenticated sendmail with security/cyrus-sasl2:
> >
> > # grep SENDMAIL /etc/make.conf
> > SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> > SENDMAIL_LDFLAGS+= -L/usr/local/lib
> > SENDMAIL_LDADD+= -lsasl2
> > #
> >
> > I also use ssh-keygen(1).
> >
> > Am I affected?
>
> Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the
> openssl port. You need to upgrade the security/openssl port to
> openssl-1.0.1_10 and restart sendmail.
>
> SSH is not affected.
>
> > Is it possible to list a few sample base OS
> > programs or libraries which are affected?
>
> Besides ports, only FreeBSD 10 base is affected. The recipe was posted here:
> ldd /usr/bin/* /usr/sbin/* /bin/* 2>/dev/null | less
> /ssl
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Apr 2014 11:17:45 +0100 (BST)
> From: Anton Shterenlikht <mexas@bris.ac.uk>
> To: Lena@lena.kiev.ua, mexas@bris.ac.uk
> Cc: freebsd-security@freebsd.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID:
>         <201404091017.s39AHjhO024515@mech-cluster241.men.bris.ac.uk>
>
> >From Lena@lena.kiev.ua Wed Apr 9 10:43:40 2014
> >
> >Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the
> >openssl port. You need to upgrade the security/openssl port to
> >openssl-1.0.1_10 and restart sendmail.
>
> I didn't know about this route of having authenticated
> sendmail. It's not mentioned in the handbook:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.html
>
> Are you saying mail/sendmail-sasl implements
> exactly the same functionality as rebuilding
> the base OS sendmail, as mentioned in the handbook?
>
> Thanks
>
> Anton
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
> ------------------------------
>
> End of freebsd-security Digest, Vol 482, Issue 3
> ************************************************
>
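
The `ldd` recipe quoted in the digest above, extended to report whether each binary's libssl comes from the base system or from the security/openssl port, since the thread treats the two as separate upgrades. This is an added example, not part of the original thread; the function names, the path-to-origin mapping and the sample `ldd` output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify which libssl each binary is linked against.

# Reads ldd output on stdin. For every binary that links libssl, prints
# "<binary> <origin> <library path>", origin being base, ports or other.
classify_ssl_links() {
    awk '
        # A one-field line ending in ":" (e.g. "/usr/bin/fetch:") names the binary.
        NF == 1 && /:$/ { bin = substr($1, 1, length($1) - 1); next }
        # Dependency line: "libssl.so.N => /path/libssl.so.N (0x...)".
        $1 ~ /^libssl\.so/ && $2 == "=>" {
            origin = "other"
            if ($3 ~ /^\/usr\/local\//) origin = "ports"       # assumed ports prefix
            else if ($3 ~ /^\/(usr\/)?lib\//) origin = "base"  # assumed base paths
            print bin, origin, $3
        }
    '
}

# Live use on a FreeBSD host: scan_paths /usr/bin/* /usr/sbin/* /bin/*
scan_paths() {
    ldd "$@" 2>/dev/null | classify_ssl_links
}

# Constructed sample of ldd output (paths, sonames and addresses are illustrative).
sample_ldd() {
    cat <<'EOF'
/usr/bin/fetch:
    libfetch.so.6 => /usr/lib/libfetch.so.6 (0x800822000)
    libssl.so.7 => /usr/lib/libssl.so.7 (0x800a31000)
    libc.so.7 => /lib/libc.so.7 (0x800c9c000)
/bin/ls:
    libutil.so.9 => /lib/libutil.so.9 (0x800822000)
    libc.so.7 => /lib/libc.so.7 (0x800a34000)
/usr/local/sbin/sendmail:
    libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800822000)
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a3d000)
    libc.so.7 => /lib/libc.so.7 (0x800ca8000)
EOF
}

sample_ldd | classify_ssl_links
```

A binary reported as `ports` picks up the fix when the port is upgraded and the service restarted; one reported as `base` depends on the base system update.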