[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
Per olof Ljungmark
peo at intersonic.se
Wed Apr 9 20:43:15 UTC 2014
On 2014-04-09 21:14, Mike Tancsa wrote:
> On 4/9/2014 2:45 PM, Per olof Ljungmark wrote:
>> Can someone please shed a little light why this advisory says STABLE/9
>> is affected, but
>> https://heartbleed.com/
>> says it is not?
>
> There are 2 different issues [CVE-2014-0160] and [CVE-2014-0076] in the
> FreeBSD advisory.
>
> "OpenSSL multiple vulnerabilities"
> ^^^^^^^^
>
> The one that impacts 8 and 9 is
>
> A local attacker might be able to snoop a signing process and might recover
> the signing key from it. [CVE-2014-0076]
Yes, thanks, I was too quick there - out of nervousness I suppose.
//per
More information about the freebsd-questions
mailing list