Date: Wed, 9 Apr 2014 15:47:25 +0100
From: "Steven Hartland" <killing@multiplay.co.uk>
To: "Karl Denninger" <karl@denninger.net>, <freebsd-security@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Message-ID: <8A7E8A9A8B034A3498601347FFFF088C@multiplay.co.uk>
References: <mailman.384.1397005594.1401.freebsd-security@freebsd.org> <20140409142136.GA871@faust.sbb.rs> <53455877.5020006@denninger.net>

----- Original Message -----
From: "Karl Denninger" <karl@denninger.net>

On 4/9/2014 9:21 AM, Zoran Kolic wrote:
>> Advisory claims 10.0 only to be affected. Patches to
>> branch 9 are not of importance on the same level?
>>
>>
> 9 (and before) were only impacted if you loaded the newer OpenSSL from
> ports. A fair number of people did, however, as a means of preventing
> BEAST attack vectors.
>
> If you did, then you need to update that and have all your private keys
> re-issued. If you did not then you never had the buggy code in the
> first place.

Actually they are vulnerable without any ports install, just not to
CVE-2014-0160, only CVE-2014-0076, both of which were fixed by
SA-14:06.openssl

Regards
Steve

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8A7E8A9A8B034A3498601347FFFF088C>