Date: Wed, 9 Apr 2014 11:48:09 +0300
From: Lena@lena.kiev.ua
To: Anton Shterenlikht <mexas@bris.ac.uk>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Message-ID: <20140409084809.GA2661@lena.kiev>
In-Reply-To: <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk>
References: <201404082334.s38NYDxr098590@freefall.freebsd.org> <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk>

> >systems that do not use OpenSSL to implement
> >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> >protocols implementation and do not use the ECDSA implementation from OpenSSL
> >are not vulnerable.
>
> Please help me find out if my systems are vulnerable.
>
> I use authenticated sendmail with security/cyrus-sasl2:
>
> # grep SENDMAIL /etc/make.conf
> SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS+= -L/usr/local/lib
> SENDMAIL_LDADD+= -lsasl2
> #
>
> I also use ssh-keygen(1).
>
> Am I affected?

Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the openssl port.
You need to upgrade the security/openssl port to openssl-1.0.1_10
and restart sendmail.
SSH is not affected.

> Is it possible to list a few sample base OS
> programs or libraries which are affected?

Besides ports, only FreeBSD 10 base is affected.
The recipe was posted here:

ldd /usr/bin/* /usr/sbin/* /bin/* 2>/dev/null | less
/ssl
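
Added example, not part of the original message: a filter for the ldd recipe above that replaces the manual "/ssl" search in the pager and reports, for each binary, whether its libssl comes from the base system or from the ports tree under /usr/local, which decides whether the fix is a base update or an upgrade of the security/openssl port. The function names and the sample ldd output (paths, library versions, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# classify_libssl: read ldd(1) output on stdin and print one line per
# binary that links libssl: "<binary> <base|ports|other> <libssl path>".
classify_libssl() {
    awk '
        # ldd starts each block with "/path/to/binary:" in column 0.
        /^\/.*:$/ { bin = substr($0, 1, length($0) - 1); next }
        # Dependency line: "libssl.so.N => /path/libssl.so.N (0x...)".
        $1 ~ /^libssl\.so/ && $2 == "=>" {
            origin = "other"
            if ($3 ~ /^\/usr\/local\//)       origin = "ports"
            else if ($3 ~ /^\/(usr\/)?lib\//) origin = "base"
            print bin, origin, $3
        }
    '
}

# Constructed sample of ldd output; every path and version is an assumption.
sample_ldd_output() {
    cat <<'EOF'
/usr/bin/ssh:
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x800849000)
        libc.so.7 => /lib/libc.so.7 (0x800c3d000)
/usr/bin/example-base-tool:
        libssl.so.7 => /usr/lib/libssl.so.7 (0x800822000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x800a8d000)
        libc.so.7 => /lib/libc.so.7 (0x800e81000)
/usr/local/sbin/sendmail:
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800899000)
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800ab4000)
        libc.so.7 => /lib/libc.so.7 (0x800f2b000)
EOF
}

# Demo on the constructed sample. On a live system, feed the recipe instead:
#   ldd /usr/bin/* /usr/sbin/* /bin/* /usr/local/sbin/* 2>/dev/null | classify_libssl
sample_ldd_output | classify_libssl
```

A binary that links only libcrypto, like the constructed ssh entry, produces no output line, because the filter matches libssl alone.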