FreeBSD Security Officer
2014-Apr-08 20:42 UTC
[FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, This is a heads-up for the OpenSSL "Heartbleed" bug. FreeBSD port security/openssl have been patched on 2014-04-07 21:46:40 UTC (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549). FreeBSD base system have been patched on 2014-04-08 18:27:32 UTC (head, r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08 18:27:46 UTC (releng/10.0, r264267). The update is available with freebsd-update. All other supported FreeBSD branches are not affected by this issue. Users who use TLS client and/or server are strongly advised to apply updates immediately. Because of the nature of this issue, it's also recommended for system administrators to consider revoking all of server certificate, client certificate and keys that is used with these systems and invalidate active authentication credentials with a forced passphrase change. Formal security advisories would be announced later today. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTRF6nAAoJEO1n7NZdz2rnA7AP/jG89g90O5ULI3aXZOeeYH6U /l3Cb5/vUgEQWiG5HO50lID3fJOktTWvwMBs+q7E7vaGJ4icL5kl816Zucj3cI8j H4JZZVYWbY1cBET2sNAxz5+XqGvERL8LUj8+hvVxo5L071plAbiucnvisx4K9Vyd IQryUOvRwxUUbmOXIVbfPLoY4VJFT+fDMxEXjeOh3vFWXftg5v4KaB9jYCRKBiAo BTEKlU1/bVjkJ4sU5ApavMOuyeqqOPTxLpqs6+9bsPUsBoiMR1LyxrWW9tWPb/x+ LKoLwwkHwjHmrCx9ob/L5jNtOiLeFAsN/Rvox8eLLCb2VRe90dkMKazAJCGT/Shf DKRo4jlRCVqmHofc96+bWBGDGHvTT7xY3MZQYU9IEHIXSzAgxykXmyYSdIDm6bxk tsladfGEpKNzpwQXbuzLFXjl0nd87P1ZcPh+cDprP4+b68knfAXDIF/ca7mVD00B PTIUmXOSuvmYfhQyY4lurB3vjbWoJv06JkYJRe4luPyZiEulw7PNNPqR0BqR4vPX R9VhOhDhXn1AJcF8urTMIwZ3tGyhwWbOjqOgAdI9jW4gTTtXqwwesWhjX0ZghzRf Pqs9T7IrZ4pNvfHBETSc7JN/9kpspTEm/a2tUalEIKIErSxmaOAWUTethrjf3lyd kNC30mma046jR7E4/ccB =J3Tm -----END PGP SIGNATURE-----