FreeBSD Security Advisory FreeBSD-SA-14:06.openssl

Steven Hartland killing at multiplay.co.uk
Wed Apr 9 14:47:40 UTC 2014


----- Original Message ----- 
From: "Karl Denninger" <karl at denninger.net>



On 4/9/2014 9:21 AM, Zoran Kolic wrote:
>> Advisory claims 10.0 only to be affected. Patches to
>> branch 9 are not of importance on the same level?
>>
>>
> 9 (and before) were only impacted if you loaded the newer OpenSSL from 
> ports.  A fair number of people did, however, as a means of preventing 
> BEAST attack vectors.
>
> If you did, then you need to update that and have all your private keys 
> re-issued.  If you did not then you never had the buggy code in the 
> first place.

Actually they are vulnerable without any ports install, just not to
CVE-2014-0160, only CVE-2014-0076, both of which were fixed by
SA-14:06.openssl

    Regards
    Steve


More information about the freebsd-security mailing list