[PC-BSD Testing] Serious safety bug GnuTLS-bug; is pcbsd effected by this ?

Kris Moore kris at pcbsd.org
Thu Mar 6 06:31:49 PST 2014


On 03/06/2014 03:18, Hans Ruhe wrote:
> Hello Kris and team,
>
> I read this for Linux, but since BSD is using some elements of Linux,
> I wondered if this bug is also the BSD distrobutions.
>
> GNU TLS is a library which is taking care of SSL and TLS traffic and
> abusing the bug makes it possible to tap off internettraffic and reroute.
> The bug is taking (or rather not taking care) of that certain
> verification checks are not taking place and that not valid
> certifications are being validated as safe.
>
> Can you investigate this ?  Fortunately the moment I read this, there
> is a fix available, speaking of timing. But this bug seems to be
> around for quite some time.
>
> It is being advised to upgrade to version 3.2.12.
>
> Best regards,
> Hans
>
>
>
> _______________________________________________
> Testing mailing list
> Testing at lists.pcbsd.org
> http://lists.pcbsd.org/mailman/listinfo/testing

While it doesn't touch the FreeBSD base system, it can touch any
packages which use it. I'm updating our packages with the fix now.

-- 
Kris Moore
PC-BSD Software
iXsystems

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20140306/bfeb7ef6/attachment.html>


More information about the Testing mailing list