Date: Fri, 11 Apr 2014 13:26:58 +0000 From: <sbremal@hotmail.com> To: Kimmo Paasiala <kpaasial@icloud.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: RE: CVE-2014-0160? Message-ID: <DUB126-W77A08013F5277DB2C69816A9540@phx.gbl> In-Reply-To: <D0491050-C6C0-4124-966C-3153FB618532@icloud.com> References: <DUB126-W5BC501CB4B718B4504D74A9540@phx.gbl>, <alpine.DEB.2.00.1404111341450.13520@strudel.ki.iif.hu>, <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>, <D0491050-C6C0-4124-966C-3153FB618532@icloud.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I receive daily email from the host which normally shows port audits and vu= lnerabilities. However=2C I did not sport anything related to CVE-2014-0160= in this email. I expected the same info comes in this email about the base= system as well.=0A= =0A= How do you normally inform about recent vulnerability in the base system? (= I believe newspaper and TV is not the best way...)=0A= =0A= =0A= Cheers=0A= B.=0A= =0A= ----------------------------------------=0A= > Subject: Re: CVE-2014-0160?=0A= > From: kpaasial@icloud.com=0A= > Date: Fri=2C 11 Apr 2014 16:12:36 +0300=0A= > To: sbremal@hotmail.com=0A= > CC: freebsd-security@freebsd.org=0A= >=0A= >=0A= > On 11.4.2014=2C at 15.53=2C sbremal@hotmail.com wrote:=0A= >=0A= >> ext 65281 (renegotiation info=2C length=3D1)=0A= >> ext 00011 (EC point formats=2C length=3D4)=0A= >> ext 00035 (session ticket=2C length=3D0)=0A= >> ext 00015 (heartbeat=2C length=3D1) <-- Your server supports heartbeat. = Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.= =0A= >> Actively checking if CVE-2014-0160 works: Your server appears to be patc= hed against this bug.=0A= >>=0A= >> K=F6sz! =3B-)=0A= >>=0A= >> Is there any reason why nightly security patches are not enabled by defa= ult in FreeBSD?=0A= >>=0A= >>=0A= >> Cheers=0A= >> B.=0A= >>=0A= >=0A= > Why do you make such claim? The security patches are very much =93enabled= =94 (by using your words) in FreeBSD by default. This assuming that you are= in fact aware of the update methods that are available and how they work. = And for the update methods and how they work there=92s a tremendous amount = of information out there=2C even translated to your native language in some= cases if the language barrier is a problem for you.=0A= >=0A= > -Kimmo=0A= =
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DUB126-W77A08013F5277DB2C69816A9540>