> >systems that do not use OpenSSL to implement
> >the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> >protocols implementation and do not use the ECDSA implementation from OpenSSL
> >are not vulnerable.
>
> Please help me find out if my systems are vulnerable.
>
> I use authenticated sendmail with security/cyrus-sasl2:
>
> # grep SENDMAIL /etc/make.conf
> SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS+= -L/usr/local/lib
> SENDMAIL_LDADD+= -lsasl2
> #
>
> I also use ssh-keygen(1).
>
> Am I affected?

Port mail/sendmail-sasl (sendmail+tls+sasl2-8.14.8) depends on the openssl port.
You need to upgrade the security/openssl port to openssl-1.0.1_10 and restart sendmail.
SSH is not affected.

> Is it possible to list a few sample base OS
> programs or libraries which are affected?

Besides ports, only FreeBSD 10 base is affected.
The recipe was posted here:

    ldd /usr/bin/* /usr/sbin/* /bin/* 2>/dev/null | less +/ssl

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"