am I NOT hacked?
Dimitry Andric
dim at FreeBSD.org
Sat Apr 26 10:25:13 UTC 2014
On 26 Apr 2014, at 11:55, Joe Parsons <jp4314 at outlook.com> wrote:
> I was slow to patch my multiple vms after that heartbleed disclosure. I just managed to upgrade these systems to 9.2, and installed the patched openssl,
FreeBSD 9.x was never vulnerable to Heartbleed, as you can read in the
security advisory (FreeBSD-SA-14:06.openssl). This is because it still
has OpenSSL 0.9.8, and the feature that contains the Heartbleed problem
was only implemented after OpenSSL 1.0.
That said, the advisory also contained another OpenSSL security problem,
CVE-2014-0076, but that was apparently found less earth-shattering than
Heartbleed. So it is still a good idea to patch up your server(s) and
check for irregularities.
-Dimitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140426/7288f046/attachment.sig>
More information about the freebsd-security
mailing list