OpenSSL 0.9.8k -> 0.9.8l

Eirik Øverby ltning at anduin.net
Wed Apr 21 05:55:17 UTC 2010


On Apr 21, 2010, at 7:23 AM, Tim Gustafson wrote:

>> RELENG_8_0 is 8.0 + critical bug fixes.
> 
>> From what I gather, the exploits in 0.9.8k are pretty serious.  :\
> 
>> If you're not too pressed for time, 8.1 is "only" a couple of
>> months away and will hopefully ship with 0.9.8n which is what
>> we currently have in head.
> 
> Well, we may have to wait, or maybe update to RELENG_8 and cross our fingers.  :)

It is a misconception to think that one _has to_ run the latest version (as suggested by dumb network scans) in order to remain compliant (PCI DSS or otherwise). What is needed is that the issues found are either patched or documented to be not applicable.

All current OpenSSL issues in the versions shipping with RELENG_8_0 have, to my knowledge, been fixed by the secteam or do not apply to FreeBSD.

/Eirik

> Tim Gustafson
> Baskin School of Engineering
> UC Santa Cruz
> tjg at soe.ucsc.edu
> 831-459-5354
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> 


