FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Anton Shterenlikht
mexas at bris.ac.uk
Wed Apr 9 08:21:54 UTC 2014
>From owner-freebsd-security-notifications at freebsd.org Wed Apr 9 00:37:34 2014
>
>IV. Workaround
>
>No workaround is available, but systems that do not use OpenSSL to implement
>the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
>protocols implementation and do not use the ECDSA implementation from OpenSSL
>are not vulnerable.
Please help me find out if my systems are vulnerable.
I use authenticated sendmail with security/cyrus-sasl2:
# grep SENDMAIL /etc/make.conf
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl2
#
I also use ssh-keygen(1).
Am I affected?
Is it possible to list a few sample base OS
programs or libraries which are affected?
Apologies if I completely misunderstood the advisory.
Thanks
More information about the freebsd-security
mailing list