Re: OpenSSL Security Advisory (fwd)
- In reply to: Wall, Stephen: "RE: OpenSSL Security Advisory (fwd)"
Date: Wed, 04 Sep 2024 13:31:21 UTC
On 9/4/2024 9:27 AM, Wall, Stephen wrote:
>>> Possible denial of service in X.509 name checks (CVE-2024-6119)
>> Is this something we need to concern ourselves with?
> Since no one else is chiming in, I'll provide my feeble thoughts. As I read it, it primarily affects outgoing TLS connections. I.e., curl, wget, et al, and possibly (and more importantly IMO) apache/nginx proxying to another server. Speculating here: this could affect high volume web services where security is enough of a concern that the operators have enabled certificate name checks.
>
> As a commercial user of FreeBSD with security conscious customers, I would certainly like to see it fixed in a FreeBSD patch release, but in all honesty we could easily enough apply the openssl patches to our FreeBSD source tree ourselves.

It seems to be worked on. The fix is already in the tree as of yesterday.

https://cgit.freebsd.org/src/commit/?id=fbd465f263400d3bc6c1a5c30857a76738c64396

I imagine there will be a SA in the near future.

---Mike