Welcome to ftp.nluug.nl Current directory: /ftp/pub/NetBSD/misc/heartbleed/ |
|
Contents of README:Binary patches for the "Heartbleed" OpenSSL vulnerability. 9 April 2014 ========================================================== Background ---------- On 7 April 2014, a serious vulnerability in OpenSSL was announced. It's being called the "Heartbleed" bug, and has identifier CVE-2014-1060. See <http://heartbleed.com>. OpenSSL versions from 1.0.1 to 1.0.1f are vulberable, and version 1.0.1g is fixed. Affected versions of NetBSD --------------------------- NetBSD-5.0 and older: Not affected, because these versions of NetBSD contain older versions of OpenSSL. NetBSD-6.0 branch: Versions from 6.0 to 6.0.4 are affected. The files in this directory apply to these versions. NetBSD 6.0.5 will contain OpenSSL version 1.0.1g, which is fixed. NetBSD-6.1 branch: Versions from 6.1 to 6.1.3 are affected. The files in this directory apply to these versions. NetBSD 6.1.4 will contain OpenSSL version 1.0.1g, which is fixed. NetBSD-current: NetBSD-current versions from June 2011 until 8 April 2014 contain vulnerable versions of OpenSSL 1.0.1. Users of NetBSD-current should update their systems from source. Pkgsrc: Pkgsrc versions of OpenSSL from openssl-1.0.1 to openssl-1.0.1fnb1 are vulnerable. Pkgsrc openssl-1.0.1g is fixed. Regardless of what version of NetBSD you use, if you are using a version of OpenSSL from pkgsrc, then you should update to pkgsrc openssl-1.0.1g or later. These files ----------- The files in this directory apply to NetBSD versions from 6.0 to 6.0.4, and 6.1 to 6.1.3, as well as any systems built from a netbsd-6* branch before 8 April 2014. These files contain libcrypto.8.2 and libssl.10.3 for NetBSD 6.X systems, which should patch the "heartbleed" OpenSSL vulnerability. SHA512 and MD5 checksums are included - please verify them before installing. PLEASE make sure to grab the right one for your architecture, which in most cases is indicated by the output of "uname -m". To apply, untar as root as follows: # cd / # tar xpzf /path/to/file.tgz ...and then verify that "openssl version" shows the new libs in use: # openssl version WARNING: can't open config file: /etc/openssl/openssl.cnf OpenSSL 1.0.1c 10 May 2012 (Library: OpenSSL 1.0.1g 7 Apr 2014) # You will then need to restart any webservers or anything else using OpenSSL. NOTE: it is recommended to upgrade to NetBSD 6.0.5, or 6.1.4, or 6.2, when they become available. |
Name Last modified Size
Parent Directory - MD5 09-Apr-2014 00:06 4.2K MD5.asc 09-Apr-2014 22:43 819 README 09-Apr-2014 16:17 2.3K SHA512 09-Apr-2014 00:06 9.8K SHA512.asc 09-Apr-2014 22:43 819 netbsd6-acorn26-heartbleedfix.tgz 08-Apr-2014 23:56 4.1M netbsd6-acorn32-heartbleedfix.tgz 08-Apr-2014 23:57 4.1M netbsd6-algor-heartbleedfix.tgz 08-Apr-2014 23:57 3.7M netbsd6-alpha-heartbleedfix.tgz 08-Apr-2014 23:57 6.1M netbsd6-amd64-heartbleedfix.tgz 08-Apr-2014 23:57 4.5M netbsd6-amiga-heartbleedfix.tgz 08-Apr-2014 23:57 3.7M netbsd6-amigappc-heartbleedfix.tgz 08-Apr-2014 23:57 4.8M netbsd6-arc-heartbleedfix.tgz 08-Apr-2014 23:57 3.7M netbsd6-atari-heartbleedfix.tgz 08-Apr-2014 23:57 3.7M netbsd6-bebox-heartbleedfix.tgz 08-Apr-2014 23:57 4.8M netbsd6-cats-heartbleedfix.tgz 08-Apr-2014 23:58 4.1M netbsd6-cesfic-heartbleedfix.tgz 08-Apr-2014 23:58 3.7M netbsd6-cobalt-heartbleedfix.tgz 08-Apr-2014 23:58 3.7M netbsd6-dreamcast-heartbleedfix.tgz 08-Apr-2014 23:58 4.2M netbsd6-emips-heartbleedfix.tgz 08-Apr-2014 23:58 3.8M netbsd6-evbarm-heartbleedfix.tgz 08-Apr-2014 23:58 4.1M netbsd6-evbmips-mips64eb-heartbleedfix.tgz 08-Apr-2014 23:58 3.7M netbsd6-evbmips-mips64el-heartbleedfix.tgz 08-Apr-2014 23:59 3.7M netbsd6-evbmips-mipsel-heartbleedfix.tgz 08-Apr-2014 23:59 3.7M netbsd6-evbppc-heartbleedfix.tgz 08-Apr-2014 23:59 4.8M netbsd6-evbsh3-sh3eb-heartbleedfix.tgz 08-Apr-2014 23:59 4.3M netbsd6-evbsh3-sh3el-heartbleedfix.tgz 08-Apr-2014 23:59 4.2M netbsd6-ews4800mips-heartbleedfix.tgz 08-Apr-2014 23:59 3.8M netbsd6-hp300-heartbleedfix.tgz 08-Apr-2014 23:59 3.7M netbsd6-hp700-heartbleedfix.tgz 08-Apr-2014 23:59 5.0M netbsd6-hpcarm-heartbleedfix.tgz 09-Apr-2014 00:00 4.1M netbsd6-hpcmips-heartbleedfix.tgz 09-Apr-2014 00:00 3.7M netbsd6-hpcsh-heartbleedfix.tgz 09-Apr-2014 00:00 4.2M netbsd6-i386-heartbleedfix.tgz 09-Apr-2014 00:00 3.9M netbsd6-ibmnws-heartbleedfix.tgz 09-Apr-2014 00:00 4.8M netbsd6-iyonix-heartbleedfix.tgz 09-Apr-2014 00:00 4.1M netbsd6-landisk-heartbleedfix.tgz 09-Apr-2014 00:01 4.2M netbsd6-luna68k-heartbleedfix.tgz 09-Apr-2014 00:01 3.7M netbsd6-mac68k-heartbleedfix.tgz 09-Apr-2014 00:01 3.7M netbsd6-macppc-heartbleedfix.tgz 09-Apr-2014 00:01 4.8M netbsd6-mipsco-heartbleedfix.tgz 09-Apr-2014 00:01 3.8M netbsd6-mmeye-heartbleedfix.tgz 09-Apr-2014 00:01 4.3M netbsd6-mvme68k-heartbleedfix.tgz 09-Apr-2014 00:01 3.7M netbsd6-mvmeppc-heartbleedfix.tgz 09-Apr-2014 00:01 4.8M netbsd6-netwinder-heartbleedfix.tgz 09-Apr-2014 00:02 4.1M netbsd6-news68k-heartbleedfix.tgz 09-Apr-2014 00:02 3.7M netbsd6-newsmips-heartbleedfix.tgz 09-Apr-2014 00:02 3.8M netbsd6-next68k-heartbleedfix.tgz 09-Apr-2014 00:02 3.7M netbsd6-ofppc-heartbleedfix.tgz 09-Apr-2014 00:02 4.8M netbsd6-pmax-heartbleedfix.tgz 09-Apr-2014 00:02 3.7M netbsd6-prep-heartbleedfix.tgz 09-Apr-2014 00:02 4.8M netbsd6-rs6000-heartbleedfix.tgz 09-Apr-2014 00:03 4.8M netbsd6-sandpoint-heartbleedfix.tgz 09-Apr-2014 00:03 4.8M netbsd6-sbmips-mipseb-heartbleedfix.tgz 09-Apr-2014 00:03 3.8M netbsd6-sbmips-mipsel-heartbleedfix.tgz 09-Apr-2014 00:03 3.7M netbsd6-sgimips-heartbleedfix.tgz 09-Apr-2014 00:03 3.8M netbsd6-shark-heartbleedfix.tgz 09-Apr-2014 00:03 4.1M netbsd6-sparc-heartbleedfix.tgz 09-Apr-2014 00:03 4.3M netbsd6-sparc64-heartbleedfix.tgz 09-Apr-2014 00:04 4.7M netbsd6-sun3-heartbleedfix.tgz 09-Apr-2014 00:04 3.7M netbsd6-vax-heartbleedfix.tgz 09-Apr-2014 00:04 2.7M netbsd6-x68k-heartbleedfix.tgz 09-Apr-2014 00:04 3.7M netbsd6-zaurus-heartbleedfix.tgz 09-Apr-2014 00:04 4.1M
NLUUG - Open Systems. Open Standards
Become a member
and get discounts on conferences and more, see the NLUUG website!