[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
Mike Tancsa
mike at sentex.net
Wed Apr 9 19:14:37 UTC 2014
On 4/9/2014 2:45 PM, Per olof Ljungmark wrote:
> Can someone please shed a little light why this advisory says STABLE/9
> is affected, but
> https://heartbleed.com/
> says it is not?
There are 2 different issues [CVE-2014-0160] and [CVE-2014-0076] in the
FreeBSD advisory.
"OpenSSL multiple vulnerabilities"
^^^^^^^^
The one that impacts 8 and 9 is
A local attacker might be able to snoop a signing process and might recover
the signing key from it. [CVE-2014-0076]
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-questions
mailing list