[PC-BSD Testing] Serious safety bug GnuTLS-bug; is pcbsd effected by this ?
kris at pcbsd.org
Thu Mar 6 06:31:49 PST 2014
On 03/06/2014 03:18, Hans Ruhe wrote:
> Hello Kris and team,
> I read this for Linux, but since BSD is using some elements of Linux,
> I wondered if this bug is also the BSD distrobutions.
> GNU TLS is a library which is taking care of SSL and TLS traffic and
> abusing the bug makes it possible to tap off internettraffic and reroute.
> The bug is taking (or rather not taking care) of that certain
> verification checks are not taking place and that not valid
> certifications are being validated as safe.
> Can you investigate this ? Fortunately the moment I read this, there
> is a fix available, speaking of timing. But this bug seems to be
> around for quite some time.
> It is being advised to upgrade to version 3.2.12.
> Best regards,
> Testing mailing list
> Testing at lists.pcbsd.org
While it doesn't touch the FreeBSD base system, it can touch any
packages which use it. I'm updating our packages with the fix now.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Testing