[matt at openssl.org: Forthcoming OpenSSL release]

Matthew Seaman matthew at FreeBSD.org
Mon Mar 22 13:36:09 UTC 2021

On 22/03/2021 12:14, The Doctor via freebsd-questions wrote:
> ----- Forwarded message from Matt Caswell <matt at openssl.org> -----
> Date: Mon, 22 Mar 2021 09:18:12 +0000
> From: Matt Caswell <matt at openssl.org>
> To: "openssl-project at openssl.org" <openssl-project at openssl.org>,
> 	openssl-announce at openssl.org, "openssl-users at openssl.org"
> 	<openssl-users at openssl.org>
> Subject: Forthcoming OpenSSL release
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
> 	Thunderbird/78.7.1
> The OpenSSL project team would like to announce the forthcoming
> release of OpenSSL version 1.1.1k.
> This release will be made available on Thursday 25th March 2021
> between 1300-1700 UTC.
> OpenSSL 1.1.1k is a security-fix release. The highest severity issue
> fixed in this release is HIGH:
> https://www.openssl.org/policies/secpolicy.html#high
> Yours
> The OpenSSL Project Team
> ----- End forwarded message -----
> Just got this.
> Does this means FReeBSD 11,12,13 and 14 are affected?

Very likely.  The FreeBSD security team will have seen the same 
announcement from OpenSSL, quite possibly somewhat earlier than you did 
(under embargo though: not publicizing open security holes before 
everyone has had a chance to fix them is quite important) and given they 
agree that this is a high severity issue, will have been working up 
system patches and advisories for release at around the same time.

Typically there will be a more-or-less coordinated release of OS 
security advisories and patches across all affected operating systems 
and distributions.  So, expect to be applying some patches later this 
week, whatever OS you're running.



More information about the freebsd-questions mailing list