From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 20:22:07 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6B86ACC3 for ; Tue, 8 Apr 2014 20:22:07 +0000 (UTC) Received: from mail.carlostrub.ch (319.ch [88.198.108.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2A5FF1FE3 for ; Tue, 8 Apr 2014 20:22:06 +0000 (UTC) Received: from c-st.net (localhost [127.0.0.1]) (Authenticated sender: cs@carlostrub.ch) by mail.carlostrub.ch (Postfix) with ESMTPA id 0A64718CC2B; Tue, 8 Apr 2014 22:21:53 +0200 (CEST) Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: OpenSSL on 8.3 (pfsense appliance) X-Powered-BY: OTRS - Open Ticket Request System (http://otrs.org/) X-Mailer: OTRS Mail Service (3.3.5) Date: Tue, 8 Apr 2014 22:21:53 +0200 Message-ID: <1396988513.858894.14605605.113546.2@c-st.net> To: dannyman@toldme.com Organization: Carlo Strub From: Carlo Strub In-Reply-To: References: Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 20:22:07 -0000 08/04/2014 21:44 - Daniel Howard wrote: > Hello, >=20 > Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense > firewall appliance: >=20 > # /usr/bin/openssl version > OpenSSL 0.9.8y 5 Feb 2013 > # /usr/local/bin/openssl version > OpenSSL 1.0.1e 11 Feb 2013 > # ldd /usr/local/sbin/openvpn | grep libssl > libssl.so.8 =3D> /usr/local/lib/libssl.so.8 (0x8007e9000) >=20 > Per Brian Drewery, the port has been fixed, but this appliance does not > have ports installed. >=20 > I see an openssl package here: > ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/op= enssl.tbz >=20 > At this moment, the timestamp is January. Can one reasonably expect that > there is a process building updated packages for this branch? Can anyone > advise how long before a new openssl package is published here? Or should > I spin up an 8.3 box to build a package? >=20 > Has anyone else here patched a pfsense appliance yet? Last I saw their f= ix > ETA is Thursday. >=20 >=20 > Thanks, > -danny >=20 > --=20 > http://dannyman.toldme.com > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >=20 For pfsense, you should definitely ask this question in the pfsense forum (= http://forum.pfsense.org/). Pfsense is essentially a fork of FreeBSD and th= ey have their own type of package system. They just released version 2.1.1 = a few days ago, but I doubt it includes the latest patches of openssl. -- Carlo Strub Ports committer=