[FUG-BR] RES: RES: Fwd: [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug

Helio Loureiro helio em loureiro.eng.br
Wed Apr 9 09:00:28 BRT 2014


On Linux, run:

$ ldd /usr/bin/ssh
        linux-vdso.so.1 =>  (0x00007fff3c9fe000)
        libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f31aa54a000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f31aa16f000) <== this one
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f31a9f6a000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f31a9d53000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f31a9b37000)
        libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f31a98f8000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f31a9538000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f31aaa0d000)
        libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f31a926a000)
        libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f31a9041000)
        libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f31a8e3d000)
        libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f31a8c35000)
        libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f31a8a30000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f31a8813000)

$ dpkg -S /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
libssl1.0.0: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0

Package: libssl1.0.0
Architecture: amd64
Source: openssl
Version: 1.0.1-4ubuntu3
Depends: libc6 (>= 2.14), zlib1g (>= 1:1.1.4), debconf (>= 0.5) | debconf-2.0
Filename: pool/main/o/openssl/libssl1.0.0_1.0.1-4ubuntu3_amd64.deb
Description: SSL shared libraries


Regards,
Helio Loureiro
http://helio.loureiro.eng.br
http://br.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro
http://gplus.to/helioloureiro
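
Added example (not part of the original message): a shell helper for the ldd checks in this thread. It classifies each linked library as libssl (OpenSSL's TLS library, where the heartbeat code lives), libcrypto (OpenSSL's crypto primitives) or libcrypt (crypt(3) password hashing, not part of OpenSSL). The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell libssl, libcrypto and libcrypt apart in `ldd` output.

# classify_ldd: read ldd output on stdin, print "<class> <soname> <path>".
classify_ldd() {
    awk '$2 == "=>" && $3 ~ /^\// {
        if ($1 ~ /^libssl\.so/)         cls = "openssl-tls"
        else if ($1 ~ /^libcrypto\.so/) cls = "openssl-crypto"
        else if ($1 ~ /^libcrypt\.so/)  cls = "crypt3"   # crypt(3), not OpenSSL
        else next
        print cls, $1, $3
    }'
}

# openssl_exposure: read ldd output on stdin, print tls | crypto | none.
openssl_exposure() {
    classify_ldd | awk '
        $1 == "openssl-tls"    { tls = 1 }
        $1 == "openssl-crypto" { crypto = 1 }
        END { print (tls ? "tls" : (crypto ? "crypto" : "none")) }'
}

# audit_binaries: run ldd on each argument; on dpkg systems also name the
# package that owns each OpenSSL library found.
audit_binaries() {
    for bin in "$@"; do
        out=$(ldd "$bin" 2>/dev/null) || continue
        printf '%s: %s\n' "$bin" "$(printf '%s\n' "$out" | openssl_exposure)"
        command -v dpkg >/dev/null 2>&1 || continue
        printf '%s\n' "$out" | classify_ldd | while read -r cls name path; do
            [ "$cls" = crypt3 ] || dpkg -S "$path" 2>/dev/null || true
        done
    done
}

# Constructed samples: the first two are trimmed from listings in this thread,
# the third is made up to show a binary that links libssl.
SAMPLE_HTTPD='     libapr-1.so.5 => /usr/local/lib/libapr-1.so.5 (0x8018c0000)
     libcrypt.so.5 => /lib/libcrypt.so.5 (0x801af0000)'
SAMPLE_SSHD='     libcrypt.so.5 => /lib/libcrypt.so.5 (0x8028f8000)
     libcrypto.so.7 => /lib/libcrypto.so.7 (0x802b18000)'
SAMPLE_TLS='     libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000000000)
     libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000400000)'

for s in "$SAMPLE_HTTPD" "$SAMPLE_SSHD" "$SAMPLE_TLS"; do
    printf '%s\n' "$s" | openssl_exposure
done
```

A server that loads TLS as a plugin, such as Apache with mod_ssl.so, shows libssl only when ldd is run on the module itself. On distributions that backport fixes, compare the owning package's version with the vendor's security notice rather than with the upstream OpenSSL version.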


2014-04-09 10:08 GMT+02:00 Marcelo Gondim <gondim em bsdinfo.com.br>:

> On 09/04/14 04:44, Helio Loureiro wrote:
> > And all the shouting was about openssl sites.
> >
> > But it also affects ssh, openvpn, etc.
> Indeed. libcrypt is not part of openssl, or am I mistaken?
>
> # ldd /usr/local/sbin/httpd
> /usr/local/sbin/httpd:
>      libm.so.5 => /lib/libm.so.5 (0x80087e000)
>      libpcre.so.3 => /usr/local/lib/libpcre.so.3 (0x800aa4000)
>      libaprutil-1.so.5 => /usr/local/lib/libaprutil-1.so.5 (0x800d0d000)
>      libdb-4.8.so.0 => /usr/local/lib/libdb-4.8.so.0 (0x800f32000)
>      libgdbm.so.4 => /usr/local/lib/libgdbm.so.4 (0x801287000)
>      libintl.so.9 => /usr/local/lib/libintl.so.9 (0x801491000)
>      libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x80169a000)
>      libapr-1.so.5 => /usr/local/lib/libapr-1.so.5 (0x8018c0000)
>      libcrypt.so.5 => /lib/libcrypt.so.5 (0x801af0000) <=========
>      libthr.so.3 => /lib/libthr.so.3 (0x801d10000)
>      libc.so.7 => /lib/libc.so.7 (0x801f35000)
>
> # ldd /usr/sbin/sshd
> /usr/sbin/sshd:
>      libssh.so.5 => /usr/lib/private/libssh.so.5 (0x800862000)
>      libutil.so.9 => /lib/libutil.so.9 (0x800aef000)
>      libwrap.so.6 => /usr/lib/libwrap.so.6 (0x800d01000)
>      libpam.so.5 => /usr/lib/libpam.so.5 (0x800f0a000)
>      libbsm.so.3 => /usr/lib/libbsm.so.3 (0x801116000)
>      libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x801330000)
>      libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x80154e000)
>      libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801757000)
>      libhx509.so.11 => /usr/lib/libhx509.so.11 (0x8019cf000)
>      libasn1.so.11 => /usr/lib/libasn1.so.11 (0x801c19000)
>      libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x801eb6000)
>      libroken.so.11 => /usr/lib/libroken.so.11 (0x8020b8000)
>      libwind.so.11 => /usr/lib/libwind.so.11 (0x8022ca000)
>      libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x8024f2000)
>      libheimipcc.so.11 => /usr/lib/private/libheimipcc.so.11 (0x8026f6000)
>      libcrypt.so.5 => /lib/libcrypt.so.5 (0x8028f8000) <=================
>      libcrypto.so.7 => /lib/libcrypto.so.7 (0x802b18000)
>      libz.so.6 => /lib/libz.so.6 (0x802f0b000)
>      libc.so.7 => /lib/libc.so.7 (0x803121000)
>      libldns.so.5 => /usr/lib/private/libldns.so.5 (0x8034c6000)
>      libmd.so.6 => /lib/libmd.so.6 (0x80371b000)
>      libthr.so.3 => /lib/libthr.so.3 (0x80392b000)
>
> > Regards,
> > Helio Loureiro
> >
> >
> > 2014-04-09 9:44 GMT+02:00 Helio Loureiro <helio em loureiro.eng.br>:
> >
> >> Hi,
> >>
> >> For anyone using this affected version of openssl (10.0) who has a site with a
> >> large audience/security risk, they are recommending revoking the keys and
> >> generating new ones.
> >>
> >> Regards,
> >> Helio Loureiro
> >>
> >>
> >> 2014-04-09 4:04 GMT+02:00 Wendell Candido de Almeida <
> >> wendell em pontualcargas.com.br>:
> >>
> >> The link came out broken.. now correct...
> >>>
> >>> http://info.abril.com.br/noticias/seguranca/2014/04/falha-grave-no-openssl-deixa-dados-sigilosos-vulneraveis-em-servidores-pela-web.shtml
> >>>
> >>> In more didactic language...
> >>>
> >>> http://info.abril.com.br/noticias/seguranca/2014/04/falha-grave-no-openssl-deixa-dados-sigilosos-vulneraveis-em-servidores-pela-web.shtml
> >>>
> >>>
> >>> Wendell
> >>>
> >>>
> >>> -----Original Message-----
> >>> From: freebsd-bounces em fug.com.br [mailto:freebsd-bounces em fug.com.br] On behalf of Marcelo Gondim
> >>> Sent: Tuesday, April 8, 2014 18:48
> >>> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
> >>> Subject: [FUG-BR] Fwd: [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug
> >>>
> >>> It looks like things were serious this time.
> >>>
> >>>
> >>> -------- Original Message --------
> >>> Subject:        [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug
> >>> Date:   Tue, 8 Apr 2014 20:42:29 GMT
> >>> From:     FreeBSD Security Officer <security-officer em freebsd.org>
> >>> Reply-To:    freebsd-security em freebsd.org
> >>> To:   FreeBSD Security Advisories <security-advisories em freebsd.org>
> >>>
> >>>
> >>>
> >>> Hi,
> >>>
> >>> This is a heads-up for the OpenSSL "Heartbleed" bug.
> >>>
> >>> FreeBSD port security/openssl has been patched on 2014-04-07 21:46:40 UTC
> >>> (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549).
> >>>
> >>> FreeBSD base system has been patched on 2014-04-08 18:27:32 UTC (head,
> >>> r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08
> >>> 18:27:46 UTC (releng/10.0, r264267).  The update is available with
> >>> freebsd-update.  All other supported FreeBSD branches are not affected by
> >>> this issue.
> >>>
> >>> Users who use TLS client and/or server are strongly advised to apply updates
> >>> immediately.
> >>>
> >>> Because of the nature of this issue, it's also recommended for system
> >>> administrators to consider revoking all server certificates, client
> >>> certificates and keys that are used with these systems and invalidate active
> >>> authentication credentials with a forced passphrase change.
> >>>
> >>> Formal security advisories would be announced later today.

