[PC-BSD Testing] Serious safety bug GnuTLS-bug; is pcbsd effected by this ?
hansruhe1 at gmail.com
Thu Mar 6 11:39:48 PST 2014
Thanks ! And I learned a bit more about Freebsd too at the same time :-)
2014-03-06 15:31 GMT+01:00 Kris Moore <kris at pcbsd.org>:
> On 03/06/2014 03:18, Hans Ruhe wrote:
> Hello Kris and team,
> I read this for Linux, but since BSD is using some elements of Linux, I
> wondered if this bug is also the BSD distrobutions.
> GNU TLS is a library which is taking care of SSL and TLS traffic and
> abusing the bug makes it possible to tap off internettraffic and reroute.
> The bug is taking (or rather not taking care) of that certain
> verification checks are not taking place and that not valid certifications
> are being validated as safe.
> Can you investigate this ? Fortunately the moment I read this, there is
> a fix available, speaking of timing. But this bug seems to be around for
> quite some time.
> It is being advised to upgrade to version 3.2.12.
> Best regards,
> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
> While it doesn't touch the FreeBSD base system, it can touch any packages
> which use it. I'm updating our packages with the fix now.
> Kris Moore
> PC-BSD Software
> Testing mailing list
> Testing at lists.pcbsd.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Testing