OpenSSL CVE-2017-3736

Mel Pilgrim list_freebsd at
Mon Nov 13 17:40:47 UTC 2017

On 11/13/2017 08:17, Andrea Venturoli wrote:
> Hello.
> A little bit out of curiosity and a little bit to plan my work...
> I thought any version of FreeBSD would be affected by this 
> vulnerability, but heard nothing on the list.
> Am I wrong? Are we safe?
> Is a SA coming?

OpenSSL in 11.1 is 1.0.2k, so no, no, and yes (hopefully).

> I see devel/openssl was upgraded to 1.0.2m. Are we expected to go the 
> port way?

That's not possible in all cases, but if you can, building with ports 
openssl is a good idea. Also, you'll need to use head, because 
security/openssl in 2017Q4 is still 1.0.2l.

More information about the freebsd-questions mailing list