Date: Wed, 09 Apr 2014 15:14:33 -0400 From: Mike Tancsa <mike@sentex.net> To: Per olof Ljungmark <peo@intersonic.se>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED] Message-ID: <53459C19.8030000@sentex.net> In-Reply-To: <5345955D.5080209@intersonic.se> References: <201404090106.s3916VRm035425@freefall.freebsd.org> <5345955D.5080209@intersonic.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/9/2014 2:45 PM, Per olof Ljungmark wrote: > Can someone please shed a little light why this advisory says STABLE/9 > is affected, but > https://heartbleed.com/ > says it is not? There are 2 different issues [CVE-2014-0160] and [CVE-2014-0076] in the FreeBSD advisory. "OpenSSL multiple vulnerabilities" ^^^^^^^^ The one that impacts 8 and 9 is A local attacker might be able to snoop a signing process and might recover the signing key from it. [CVE-2014-0076] ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53459C19.8030000>