[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]

Mike Tancsa mike at sentex.net
Wed Apr 9 19:14:37 UTC 2014

On 4/9/2014 2:45 PM, Per olof Ljungmark wrote:
> Can someone please shed a little light why this advisory says STABLE/9
> is affected, but
> https://heartbleed.com/
> says it is not?

There are 2 different issues [CVE-2014-0160] and [CVE-2014-0076] in the 
FreeBSD advisory.

"OpenSSL multiple vulnerabilities"

The one that impacts 8 and 9 is

A local attacker might be able to snoop a signing process and might recover
the signing key from it.  [CVE-2014-0076]


Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

More information about the freebsd-questions mailing list