[FUG-BR] [Fwd: [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug]
Renato Botelho
rbgarga em gmail.com
Quarta Abril 9 12:16:54 BRT 2014
On Qua, 2014-04-09 at 09:04 -0300, Welkson Renny de Medeiros wrote:
> 2014-04-08 18:24 GMT-03:00 Renato Botelho <rbgarga at gmail.com>:
>
> > -------- Forwarded Message --------
> > From: FreeBSD Security Officer <security-officer at freebsd.org>
> > Reply-to: freebsd-security at freebsd.org
> > To: FreeBSD Security Advisories <security-advisories at freebsd.org>
> > Subject: [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug
> > Date: Tue, 8 Apr 2014 20:42:29 GMT
> >
> > Hi,
> >
> > This is a heads-up for the OpenSSL "Heartbleed" bug.
> >
> > FreeBSD port security/openssl have been patched on 2014-04-07 21:46:40
> > UTC (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549).
> >
> > FreeBSD base system have been patched on 2014-04-08 18:27:32 UTC (head,
> > r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08
> > 18:27:46 UTC (releng/10.0, r264267). The update is available with
> > freebsd-update. All other supported FreeBSD branches are not affected
> > by this issue.
> >
>
>
> Quando vi o anúncio dessa falha não dei a devida importância, mas ontem já
> deu para perceber o tamanho do estrago. Conseguiram capturar diversas
> senhas de usuários do Yahoo, etc.
>
> Estava conferindo a versão do OpenSSL no meu sistema:
>
> % openssl version -v
>
> OpenSSL 0.9.8x 10 May 2012
Só confere se vc não tem outro openssl instalado via ports
no /usr/local, se tiver, basta atualizar ele pra 1.0.1.g e re-gerar
possiveis certificados gerados com ele.
--
Renato Botelho
Mais detalhes sobre a lista de discussão freebsd