OpenSSL CVE-2017-3736
Mel Pilgrim
list_freebsd at bluerosetech.com
Mon Nov 13 17:40:47 UTC 2017
On 11/13/2017 08:17, Andrea Venturoli wrote:
> Hello.
>
> A little bit out of curiosity and a little bit to plan my work...
>
> I thought any version of FreeBSD would be affected by this
> vulnerability, but heard nothing on the list.
>
> Am I wrong? Are we safe?
> Is a SA coming?
OpenSSL in 11.1 is 1.0.2k, so no, no, and yes (hopefully).
>
> I see devel/openssl was upgraded to 1.0.2m. Are we expected to go the
> port way?
That's not possible in all cases, but if you can, building with ports
openssl is a good idea. Also, you'll need to use head, because
security/openssl in 2017Q4 is still 1.0.2l.
More information about the freebsd-questions
mailing list