Date:      Fri, 11 Apr 2014 15:10:39 +0200 (CEST)
From:      Mohacsi Janos <mohacsi@niif.hu>
To:        sbremal@hotmail.com
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   RE: CVE-2014-0160?
Message-ID:  <alpine.DEB.2.00.1404111502160.13520@strudel.ki.iif.hu>
In-Reply-To: <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>
References:  <DUB126-W5BC501CB4B718B4504D74A9540@phx.gbl>, <alpine.DEB.2.00.1404111341450.13520@strudel.ki.iif.hu> <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>


On Fri, 11 Apr 2014, sbremal@hotmail.com wrote:

> ext 65281 (renegotiation info, length=1)
> ext 00011 (EC point formats, length=4)
> ext 00035 (session ticket, length=0)
> ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
> Actively checking if CVE-2014-0160 works: Your server appears to be patched against this bug.
>
> Thanks! ;-)
>
> Is there any reason why nightly security patches are not enabled by default in FreeBSD?

Very easy to configure download and notification if you use 
freebsd-update:
Add to /etc/crontab:

@daily                                  root    /usr/sbin/freebsd-update cron

In your daily e-mail log you can see if any changes happened in the
freebsd-update repository. Then you can decide when to update.

Regards,
Janos Mohacsi
Subject: Re: CVE-2014-0160?
From: Kimmo Paasiala <kpaasial@icloud.com>
In-reply-to: <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>
Date: Fri, 11 Apr 2014 16:12:36 +0300
Message-id: <D0491050-C6C0-4124-966C-3153FB618532@icloud.com>
References: <DUB126-W5BC501CB4B718B4504D74A9540@phx.gbl>
 <alpine.DEB.2.00.1404111341450.13520@strudel.ki.iif.hu>
 <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>
To: sbremal@hotmail.com
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>

On 11.4.2014, at 15.53, sbremal@hotmail.com wrote:

> ext 65281 (renegotiation info, length=1)
> ext 00011 (EC point formats, length=4)
> ext 00035 (session ticket, length=0)
> ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
> Actively checking if CVE-2014-0160 works: Your server appears to be patched against this bug.
>
> Thanks! ;-)
>
> Is there any reason why nightly security patches are not enabled by default in FreeBSD?
>
>
> Cheers
> B.
>

Why do you make such a claim? The security patches are very much
“enabled” (by using your words) in FreeBSD by default. This is assuming
that you are in fact aware of the update methods that are available and
how they work. And for the update methods and how they work there’s a
tremendous amount of information out there, even translated to your
native language in some cases if the language barrier is a problem for
you.

-Kimmo
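
The extension listing quoted in this thread can be reproduced from the raw TLS extensions block. The following is an added example, not code from either poster or from the test tool that produced the output; the sample bytes are constructed to match the quoted lines and the function names are hypothetical. Advertising heartbeat only means the extension is offered; as the quoted output shows, a patched server still lists it.

```python
import struct

# Extension type numbers from the IANA TLS ExtensionType registry.
EXT_NAMES = {11: "EC point formats", 15: "heartbeat",
             35: "session ticket", 65281: "renegotiation info"}
# HeartbeatMode values from RFC 6520.
HB_MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

# Constructed sample: an extensions block matching the output quoted above.
SAMPLE = bytes.fromhex(
    "0016"                    # total length of all extensions (22 bytes)
    "ff01" "0001" "00"        # renegotiation info, length=1
    "000b" "0004" "03000102"  # EC point formats, length=4
    "0023" "0000"             # session ticket, length=0
    "000f" "0001" "01"        # heartbeat, length=1
)

def parse_extensions(block):
    """Return [(type, length, data)]; raise ValueError on a bad length field."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length field does not match data received")
    out, pos = [], 2
    while pos < len(block):
        if len(block) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        # Never trust a declared length beyond the bytes actually present.
        if ext_len > len(block) - pos:
            raise ValueError(f"extension {ext_type} overruns the block")
        out.append((ext_type, ext_len, block[pos:pos + ext_len]))
        pos += ext_len
    return out

def heartbeat_mode(extensions):
    """Return the advertised HeartbeatMode name, or None if not offered."""
    for ext_type, ext_len, data in extensions:
        if ext_type == 15:
            if ext_len != 1:
                raise ValueError("heartbeat extension must be exactly 1 byte")
            return HB_MODES.get(data[0], f"unknown({data[0]})")
    return None

def describe(extensions):
    # Same line format as the tool output quoted in the thread.
    return [f"ext {t:05d} ({EXT_NAMES.get(t, 'unknown')}, length={n})"
            for t, n, _ in extensions]

if __name__ == "__main__":
    exts = parse_extensions(SAMPLE)
    print("\n".join(describe(exts)))
    print("heartbeat mode:", heartbeat_mode(exts))
```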

