Addressing the OpenSSL problem

I've got a good number of BSD servers scattered about the network, all of which need to be patched for the March OpenSSL vulnerability.

Looks like freebsd-update is not going to address this problem due to the versions I am currently running, so I have tried the manual patch process. My question is: is a reboot necessary? After the make portion of the patch process, openssl version still indicates openssl not being up to date.

If this fails, looks like cvsup might be the answer...
 
I did, verbatim. The advisory does not say whether a reboot is necessary or not. Following the make session, though, openssl version appears unchanged.
 
Does it state anywhere that the patch actually increases the version?
 
I was going by the OpenSSL advisory:
http://www.openssl.org/news/secadv_20090325.txt

That states that the corrected version is 0.9.8k. None of my BSD boxes are showing that version, whether I've done the patch or used cvsup to bring base up to latest RELENG.

It would be nice if I could tell whether or not my OpenSSL is vulnerable without digging into the revision numbers in the source.

I've followed one of the two methods in http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc depending on the system, so now I just hope that does the trick.
 
FreeBSD's base system openssl is at 0.98e, I believe. The ports tree version of openssl is at 0.98k. I'm sure the patches in 0.98k have been backported to 0.98e, so you should be fine.
 