Date: Wed, 9 Apr 2014 09:21:22 +0100 (BST) From: Anton Shterenlikht <mexas@bris.ac.uk> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl Message-ID: <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk> In-Reply-To: <201404082334.s38NYDxr098590@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>From owner-freebsd-security-notifications@freebsd.org Wed Apr 9 00:37:34 2014 > >IV. Workaround > >No workaround is available, but systems that do not use OpenSSL to implement >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) >protocols implementation and do not use the ECDSA implementation from OpenSSL >are not vulnerable. Please help me find out if my systems are vulnerable. I use authenticated sendmail with security/cyrus-sasl2: # grep SENDMAIL /etc/make.conf SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl2 # I also use ssh-keygen(1). Am I affected? Is it possible to list a few sample base OS programs or libraries which are affected? Apologies if I completely misunderstood the advisory. Thanks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404090821.s398LMg7020616>