Heartbleed bug - does it affect pfs 2.1?

dmad

I did a look around the interface and I don't see any references to package versions or anything like that.. i'm sure this would have come up if it was but I might as well ask.

http://heartbleed.com/

OpenVPN uses openSSL as far as I know, so.. affected or not?

cmb

Yes. An update is coming soon.

dmad

@cmb:

Yes. An update is coming soon.

In the form of a firmware update or..? what version will be the patched version?

cmb

update here. https://forum.pfsense.org/index.php?topic=74796.msg408899#msg408899

sheepthief

Just a reference for anyone searching the forums, the official reference for the bug is CVE-2014-0160

ncolunga

If pfsense 2.1 uses openssl-1.0.0_10 it shouldn't be affected by this bug. Isn't it?

cmb

@ncolunga:

If pfsense 2.1 uses openssl-1.0.0_10 it shouldn't be affected by this bug. Isn't it?

2.1 and 2.1.1 have vulnerable openssl versions.
https://pfsense.org/security/advisories/pfSense-SA-14_04.openssl.asc