[PC-BSD Testing] Serious safety bug GnuTLS-bug; is pcbsd effected by this ?

Hans Ruhe hansruhe1 at gmail.com
Thu Mar 6 11:39:48 PST 2014


Hello Kris,
Thanks ! And I learned a bit more about Freebsd too at the same time :-)

Best regards,
Hans


2014-03-06 15:31 GMT+01:00 Kris Moore <kris at pcbsd.org>:

>  On 03/06/2014 03:18, Hans Ruhe wrote:
>
>    Hello Kris and team,
>
>  I read this for Linux, but since BSD is using some elements of Linux, I
> wondered if this bug is also the BSD distrobutions.
>
>  GNU TLS is a library which is taking care of SSL and TLS traffic and
> abusing the bug makes it possible to tap off internettraffic and reroute.
>  The bug is taking (or rather not taking care) of that certain
> verification checks are not taking place and that not valid certifications
> are being validated as safe.
>
>  Can you investigate this ?  Fortunately the moment I read this, there is
> a fix available, speaking of timing. But this bug seems to be around for
> quite some time.
>
>  It is being advised to upgrade to version 3.2.12.
>
>  Best regards,
> Hans
>
>
>
> _______________________________________________
> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
>
>
> While it doesn't touch the FreeBSD base system, it can touch any packages
> which use it. I'm updating our packages with the fix now.
>
> --
> Kris Moore
> PC-BSD Software
> iXsystems
>
>
> _______________________________________________
> Testing mailing list
> Testing at lists.pcbsd.org
> http://lists.pcbsd.org/mailman/listinfo/testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20140306/4a3471d3/attachment.html>


More information about the Testing mailing list