From owner-freebsd-questions@freebsd.org Mon Mar 22 13:36:09 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 65B2B5AF13A for ; Mon, 22 Mar 2021 13:36:09 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F3wWF26shz3QST for ; Mon, 22 Mar 2021 13:36:09 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "R3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 1DFB6A58E for ; Mon, 22 Mar 2021 13:36:09 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from PD0786.local (130.31-255-62.static.virginmediabusiness.co.uk [62.255.31.130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id BDC86117DC for ; Mon, 22 Mar 2021 13:36:04 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/BDC86117DC; dkim=none; dkim-atps=neutral Subject: Re: [matt@openssl.org: Forthcoming OpenSSL release] To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <35d8065d-d2ac-4ef9-a89a-3aa28fdcdcf0@FreeBSD.org> Date: Mon, 22 Mar 2021 13:36:02 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Mar 2021 13:36:09 -0000 On 22/03/2021 12:14, The Doctor via freebsd-questions wrote: > ----- Forwarded message from Matt Caswell ----- > > Date: Mon, 22 Mar 2021 09:18:12 +0000 > From: Matt Caswell > To: "openssl-project@openssl.org" , > openssl-announce@openssl.org, "openssl-users@openssl.org" > > Subject: Forthcoming OpenSSL release > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 > Thunderbird/78.7.1 > > The OpenSSL project team would like to announce the forthcoming > release of OpenSSL version 1.1.1k. > > This release will be made available on Thursday 25th March 2021 > between 1300-1700 UTC. > > OpenSSL 1.1.1k is a security-fix release. The highest severity issue > fixed in this release is HIGH: > https://www.openssl.org/policies/secpolicy.html#high > > Yours > > The OpenSSL Project Team > > ----- End forwarded message ----- > > Just got this. > > Does this means FReeBSD 11,12,13 and 14 are affected? > Very likely. The FreeBSD security team will have seen the same announcement from OpenSSL, quite possibly somewhat earlier than you did (under embargo though: not publicizing open security holes before everyone has had a chance to fix them is quite important) and given they agree that this is a high severity issue, will have been working up system patches and advisories for release at around the same time. Typically there will be a more-or-less coordinated release of OS security advisories and patches across all affected operating systems and distributions. So, expect to be applying some patches later this week, whatever OS you're running. Cheers, Matthew