CVE-2014-0160?
Kimmo Paasiala
kpaasial at icloud.com
Fri Apr 11 13:13:02 UTC 2014
On 11.4.2014, at 15.53, sbremal at hotmail.com wrote:
> ext 65281 (renegotiation info, length=1)
> ext 00011 (EC point formats, length=4)
> ext 00035 (session ticket, length=0)
> ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
> Actively checking if CVE-2014-0160 works: Your server appears to be patched against this bug.
>
> Kösz! ;-)
>
> Is there any reason why nightly security patches are not enabled by default in FreeBSD?
>
>
> Cheers
> B.
>
Why do you make such claim? The security patches are very much “enabled” (by using your words) in FreeBSD by default. This assuming that you are in fact aware of the update methods that are available and how they work. And for the update methods and how they work there’s a tremendous amount of information out there, even translated to your native language in some cases if the language barrier is a problem for you.
-Kimmo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140411/c1947494/attachment.sig>
More information about the freebsd-security
mailing list