OpenSSL on 8.3 (pfsense appliance)
Hello,
Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense
firewall appliance:
# /usr/bin/openssl version
OpenSSL 0.9.8y 5 Feb 2013
# /usr/local/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
# ldd /usr/local/sbin/openvpn | grep libssl
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000)
Per Brian Drewery, the port has been fixed, but this appliance does not
have ports installed.
I see an openssl package here:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz
At this moment, the timestamp is January. Can one reasonably expect that
there is a process building updated packages for this branch? Can anyone
advise how long before a new openssl package is published here? Or should
I spin up an 8.3 box to build a package?
Has anyone else here patched a pfsense appliance yet? Last I saw their fix
ETA is Thursday.
Thanks,
-danny
--
http://dannyman.toldme.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)