Date:      Wed, 9 Apr 2014 10:39:40 -0400
From:      Gary Palmer <gpalmer@freebsd.org>
To:        Zoran Kolic <zkolic@sbb.rs>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Message-ID:  <20140409143940.GA15884@in-addr.com>
In-Reply-To: <20140409142136.GA871@faust.sbb.rs>
References:  <mailman.384.1397005594.1401.freebsd-security@freebsd.org> <20140409142136.GA871@faust.sbb.rs>

On Wed, Apr 09, 2014 at 04:21:36PM +0200, Zoran Kolic wrote:
> Advisory claims 10.0 only to be affected. Patches to
> branch 9 are not of importance on the same level?

The version of OpenSSL shipped in the base FreeBSD code prior to 10.0
is not vulnerable to the Heartbeat attack; however, there is a different
vulnerability which *is* in 8.x and 9.x and was documented in the advisory
as [CVE-2014-0076].

You should update 8.x and 9.x systems also, even though the vulnerability
there is probably not as easy to exploit as the Heartbeat attack.

Regards,

Gary


