Date: Sat, 26 Apr 2014 12:24:51 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Joe Parsons <jp4314@outlook.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: am I NOT hacked? Message-ID: <039246EB-21D1-48C1-9D59-F3C9F8D8C74D@FreeBSD.org> In-Reply-To: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> References: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_4312382A-7049-4883-A9E6-5BEAC11EBEFC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 26 Apr 2014, at 11:55, Joe Parsons <jp4314@outlook.com> wrote: > I was slow to patch my multiple vms after that heartbleed disclosure. = I just managed to upgrade these systems to 9.2, and installed the = patched openssl, FreeBSD 9.x was never vulnerable to Heartbleed, as you can read in the security advisory (FreeBSD-SA-14:06.openssl). This is because it still has OpenSSL 0.9.8, and the feature that contains the Heartbleed problem was only implemented after OpenSSL 1.0. That said, the advisory also contained another OpenSSL security problem, CVE-2014-0076, but that was apparently found less earth-shattering than Heartbleed. So it is still a good idea to patch up your server(s) and check for irregularities. -Dimitry --Apple-Mail=_4312382A-7049-4883-A9E6-5BEAC11EBEFC Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlNbiYAACgkQsF6jCi4glqM5dACeIwuJ3dwz70PMnyjIO+tNhQyh AGQAn1wbsmgtJlPrgkrriTzhsCcb3sUE =EAmz -----END PGP SIGNATURE----- --Apple-Mail=_4312382A-7049-4883-A9E6-5BEAC11EBEFC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?039246EB-21D1-48C1-9D59-F3C9F8D8C74D>