看板FB_security
标 题Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
发信站NCTU CS FreeBSD Server (Wed Apr 9 17:50:25 2014)
转信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
This is a cryptographically signed message in MIME format.
--------------ms090108010701060802090401
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
On 4/9/2014 9:47 AM, Steven Hartland wrote:
> ----- Original Message ----- From: "Karl Denninger" <[email protected]=
>
>
>
>
> On 4/9/2014 9:21 AM, Zoran Kolic wrote:
>>> Advisory claims 10.0 only to be affected. Patches to
>>> branch 9 are not of importance on the same level?
>>>
>>>
>> 9 (and before) were only impacted if you loaded the newer OpenSSL=20
>> from ports. A fair number of people did, however, as a means of=20
>> preventing BEAST attack vectors.
>>
>> If you did, then you need to update that and have all your private=20
>> keys re-issued. If you did not then you never had the buggy code in=20
>> the first place.
>
> Actually they are vulnerable without any ports install just not to
> CVE-2014-0160 only CVE-2014-0076, both of which where fixed by
> SA-14:06.openssl
>
> Regards
> Steve
Good point -- there is that other advisory in there so "base" 8.x and=20
9.x users should update as well.
However, the other problem does not involve the same sort of=20
vulnerability to remote "grabs" of data, including authentication=20
credentials (and worse, private key data.)
--=20
-- Karl
[email protected]
--------------ms090108010701060802090401
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFTzCC
BUswggQzoAMCAQICAQgwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
EwdGbG9yaWRhMRIwEAYDVQQHEwlOaWNldmlsbGUxGTAXBgNVBAoTEEN1ZGEgU3lzdGVtcyBM
TEMxHDAaBgNVBAMTE0N1ZGEgU3lzdGVtcyBMTEMgQ0ExLzAtBgkqhkiG9w0BCQEWIGN1c3Rv
bWVyLXNlcnZpY2VAY3VkYXN5c3RlbXMubmV0MB4XDTEzMDgyNDE5MDM0NFoXDTE4MDgyMzE5
MDM0NFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExFzAVBgNVBAMTDkthcmwg
RGVubmluZ2VyMSEwHwYJKoZIhvcNAQkBFhJrYXJsQGRlbm5pbmdlci5uZXQwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQC5n2KBrBmG22nVntVdvgKCB9UcnapNThrW1L+dq6th
d9l4mj+qYMUpJ+8I0rTbY1dn21IXQBoBQmy8t1doKwmTdQ59F0FwZEPt/fGbRgBKVt3Quf6W
6n7kRk9MG6gdD7V9vPpFV41e+5MWYtqGWY3ScDP8SyYLjL/Xgr+5KFKkDfuubK8DeNqdLniV
jHo/vqmIgO+6NgzPGPgmbutzFQXlxUqjiNAAKzF2+Tkddi+WKABrcc/EqnBb0X8GdqcIamO5
SyVmuM+7Zdns7D9pcV16zMMQ8LfNFQCDvbCuuQKMDg2F22x5ekYXpwjqTyfjcHBkWC8vFNoY
5aFMdyiN/Kkz0/kduP2ekYOgkRqcShfLEcG9SQ4LQZgqjMpTjSOGzBr3tOvVn5LkSJSHW2Z8
Q0dxSkvFG2/lsOWFbwQeeZSaBi5vRZCYCOf5tRd1+E93FyQfpt4vsrXshIAk7IK7f0qXvxP4
GDli5PKIEubD2Bn+gp3vB/DkfKySh5NBHVB+OPCoXRUWBkQxme65wBO02OZZt0k8Iq0i4Rci
WV6z+lQHqDKtaVGgMsHn6PoeYhjf5Al5SP+U3imTjF2aCca1iDB5JOccX04MNljvifXgcbJN
nkMgrzmm1ZgJ1PLur/ADWPlnz45quOhHg1TfUCLfI/DzgG7Z6u+oy4siQuFr9QT0MQIDAQAB
o4HWMIHTMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMAsGA1UdDwQEAwIF4DAsBglg
hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFHw4
+LnuALyLA5Cgy7T5ZAX1WzKPMB8GA1UdIwQYMBaAFF3U3hpBZq40HB5VM7B44/gmXiI0MDgG
CWCGSAGG+EIBAwQrFilodHRwczovL2N1ZGFzeXN0ZW1zLm5ldDoxMTQ0My9yZXZva2VkLmNy
bDANBgkqhkiG9w0BAQUFAAOCAQEAZ0L4tQbBd0hd4wuw/YVqEBDDXJ54q2AoqQAmsOlnoxLO
31ehM/LvrTIP4yK2u1VmXtUumQ4Ao15JFM+xmwqtEGsh70RRrfVBAGd7KOZ3GB39FP2TgN/c
L5fJKVxOqvEnW6cL9QtvUlcM3hXg8kDv60OB+LIcSE/P3/s+0tEpWPjxm3LHVE7JmPbZIcJ1
YMoZvHh0NSjY5D0HZlwtbDO7pDz9sZf1QEOgjH828fhtborkaHaUI46pmrMjiBnY6ujXMcWD
pxtikki0zY22nrxfTs5xDWGxyrc/cmucjxClJF6+OYVUSaZhiiHfa9Pr+41okLgsRB0AmNwE
f6ItY3TI8DGCBQowggUGAgEBMIGjMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlk
YTESMBAGA1UEBxMJTmljZXZpbGxlMRkwFwYDVQQKExBDdWRhIFN5c3RlbXMgTExDMRwwGgYD
VQQDExNDdWRhIFN5c3RlbXMgTExDIENBMS8wLQYJKoZIhvcNAQkBFiBjdXN0b21lci1zZXJ2
aWNlQGN1ZGFzeXN0ZW1zLm5ldAIBCDAJBgUrDgMCGgUAoIICOzAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNDA0MDkxNDUwMjVaMCMGCSqGSIb3DQEJBDEW
BBTRi1AH6NVk66/8t3lSJdO8GnofyjBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjAL
BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA
MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIG0BgkrBgEEAYI3EAQxgaYwgaMwgZ0xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRIwEAYDVQQHEwlOaWNldmlsbGUxGTAXBgNVBAoT
EEN1ZGEgU3lzdGVtcyBMTEMxHDAaBgNVBAMTE0N1ZGEgU3lzdGVtcyBMTEMgQ0ExLzAtBgkq
hkiG9w0BCQEWIGN1c3RvbWVyLXNlcnZpY2VAY3VkYXN5c3RlbXMubmV0AgEIMIG2BgsqhkiG
9w0BCRACCzGBpqCBozCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEjAQBgNV
BAcTCU5pY2V2aWxsZTEZMBcGA1UEChMQQ3VkYSBTeXN0ZW1zIExMQzEcMBoGA1UEAxMTQ3Vk
YSBTeXN0ZW1zIExMQyBDQTEvMC0GCSqGSIb3DQEJARYgY3VzdG9tZXItc2VydmljZUBjdWRh
c3lzdGVtcy5uZXQCAQgwDQYJKoZIhvcNAQEBBQAEggIASOBI1388yBC9nrgdwhImRfzKSqsN
OSg631O/2TOdH8/fRNqUBAPa5TzUPoTVwI6wIo64MWVagKhIF+WFVwNF76Di2e1/Uaglz6Kw
VdnCX4icye1mT712DRBIuFL7hiRaYS335nJt07HJiwgcfR7nYYiBf4SkJAhLsF5b/hfEOPKE
2PQrcw1o6cX642BnpsdialzF3Imw9FvHJPuJlsSLmBPDn3BYQ4C6PKl0IKMY10iYoBloQ4LK
0hl0n136adEtQW5kf1V7rcq1bbYkVpwjTsfeyGiTd0Et1Bbu3cLbZw3gEjtT5aRNvHZ4+vjK
lp29UTzW7cDm2ujx3fqTNqjAaHxnDbV7twlN+RMrwNtjA+qTUQ94Q34m1BpWoGg6W07onsf0
x//l5FCA38oiV2k20dvP09hBsyWisdFF0sC1DnkH7bgvTY6Iyp4ela9Mm4NECWzQA6aGHXnF
6QZi564QrA98XDs8+o0MHp2d1Ht+rgYR5LveWEMmGT40FfQ9GB1hA1k5tbUym3Qksepj/lry
9EpXgvxhMlk2m5qBo9YpRGfln3Gp0FqMD7jxDs8t7CjKyqj0QotDxWii8rWgA4g9J2+2rThU
btSVDNBvrMbiCdq+EYVEZvM3mF9WUxbYZMncKLTUEDHrvcOYDGv3erYQQoDNu1HtL+WGUkjo
G16hy5IAAAAAAAA=
--------------ms090108010701060802090401--