Board: FB_security
Title: Re: freebsd-security Digest, Vol 482, Issue 3
Posting site: NCTU CS FreeBSD Server (Thu Apr 10 17:24:53 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
help
2014-04-09 20:00 GMT+08:00 <[email protected]>:
> Send freebsd-security mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
> [email protected]
>
> You can reach the person managing the list at
> [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
> 1. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> (Anton Shterenlikht)
> 2. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> ([email protected])
> 3. Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> (Anton Shterenlikht)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Apr 2014 09:21:22 +0100 (BST)
> From: Anton Shterenlikht <[email protected]>
> To: [email protected]
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID:
> <[email protected]>
>
> >From [email protected] Wed Apr 9 00:37:34 2014
> >
> >IV. Workaround
> >
> >No workaround is available, but systems that do not use OpenSSL to implement
> >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> >protocols implementation and do not use the ECDSA implementation from OpenSSL
> >are not vulnerable.
>
> Please help me find out if my systems are vulnerable.
>
> I use authenticated sendmail with security/cyrus-sasl2:
>
> # grep SENDMAIL /etc/make.conf
> SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS+= -L/usr/local/lib
> SENDMAIL_LDADD+= -lsasl2
> #
>
> I also use ssh-keygen(1).
>
> Am I affected?
>
> Is it possible to list a few sample base OS
> programs or libraries which are affected?
>
> Apologies if I completely misunderstood the advisory.
>
> Thanks
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 Apr 2014 11:48:09 +0300
> From: [email protected]
> To: Anton Shterenlikht <[email protected]>
> Cc: [email protected]
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> > >systems that do not use OpenSSL to implement
> > >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> > >protocols implementation and do not use the ECDSA implementation from OpenSSL
> > >are not vulnerable.
> >
> > Please help me find out if my systems are vulnerable.
> >
> > I use authenticated sendmail with security/cyrus-sasl2:
> >
> > # grep SENDMAIL /etc/make.conf
> > SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> > SENDMAIL_LDFLAGS+= -L/usr/local/lib
> > SENDMAIL_LDADD+= -lsasl2
> > #
> >
> > I also use ssh-keygen(1).
> >
> > Am I affected?
>
> Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the
> openssl port. You need to upgrade the security/openssl port to
> openssl-1.0.1_10 and restart sendmail.
>
> SSH is not affected.
>
> > Is it possible to list a few sample base OS
> > programs or libraries which are affected?
>
> Besides ports, only FreeBSD 10 base is affected. The recipe was posted
> here:
> ldd /usr/bin/* /usr/sbin/* /bin/* 2>/dev/null | less
> /ssl
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Apr 2014 11:17:45 +0100 (BST)
> From: Anton Shterenlikht <[email protected]>
> To: [email protected], [email protected]
> Cc: [email protected]
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
> Message-ID:
> <[email protected]>
>
> >From [email protected] Wed Apr 9 10:43:40 2014
> >
> >Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the
> >openssl port. You need to upgrade the security/openssl port to
> >openssl-1.0.1_10 and restart sendmail.
>
> I didn't know about this route of having authenticated
> sendmail. It's not mentioned in the handbook:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.html
>
> Are you saying mail/sendmail-sasl implements
> exactly the same functionality as rebuilding
> the base OS sendmail, as mentioned in the handbook?
>
> Thanks
>
> Anton
>
>
>
> ------------------------------
>
> End of freebsd-security Digest, Vol 482, Issue 3
> ************************************************
>
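
The `ldd ... | less` recipe quoted in Message 2, turned into a non-interactive filter that prints only the binaries whose dependency list mentions libssl. This is an added example, not part of the original thread; the function names `ssl_linked` and `sample_ldd` and the sample ldd output are constructed for illustration, and the optional pattern argument goes beyond the `/ssl` search shown in the thread.

```shell
#!/bin/sh
# ssl_linked [PATTERN]
# Reads ldd output on stdin and prints each binary once if any of its
# dependency lines matches PATTERN (an awk regex, default: libssl).
ssl_linked() {
    awk -v pat="${1:-libssl}" '
        # A header line such as "/usr/bin/fetch:" starts a new binary.
        ($0 !~ /^[ \t]/) && /:$/ {
            bin = substr($0, 1, length($0) - 1)
            seen = 0
            next
        }
        # Dependency line: report the current binary on its first match only.
        ($0 ~ pat) && !seen && (bin != "") { print bin; seen = 1 }
    '
}

# Constructed sample of ldd output (not captured from a real system).
sample_ldd() {
    cat <<'EOF'
/usr/bin/fetch:
	libfetch.so.6 => /usr/lib/libfetch.so.6 (0x800822000)
	libssl.so.7 => /usr/lib/libssl.so.7 (0x800a31000)
	libcrypto.so.7 => /lib/libcrypto.so.7 (0x800c9a000)
	libc.so.7 => /lib/libc.so.7 (0x801092000)
/bin/ls:
	libutil.so.9 => /lib/libutil.so.9 (0x800822000)
	libc.so.7 => /lib/libc.so.7 (0x800a35000)
/usr/bin/ssh-keygen:
	libssh.so.5 => /usr/lib/libssh.so.5 (0x800822000)
	libcrypto.so.7 => /lib/libcrypto.so.7 (0x800a72000)
	libc.so.7 => /lib/libc.so.7 (0x800e6a000)
EOF
}

# On a live system, feed it the same directories as the recipe in the thread:
#   ldd /usr/bin/* /usr/sbin/* /bin/* 2>/dev/null | ssl_linked
# Pass a pattern to widen the match, e.g. ssl_linked 'libssl|libcrypto'.
```

The printed list is the set of base binaries to review after updating; services started from any of them need a restart to pick up the new library.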