FreeBSD Project Discloses Security Breach
-
News from Slashdot about a security breach at FreeBSD.
http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key?utm_source=feedburnerGoogle+UK&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+UK
More information here: http://www.freebsd.org/news/2012-compromise.html
Does this affect pfSense? Is there any action users need to take?
-
From FreeBSD:
If you are running a system that has had no third-party packages installed or updated on it between the 19th September and 11th November 2012, you have no reason to worry.
The Source, Ports and Documentation Subversion repositories have been audited, and we are confident that no changes have been made to them. Any users relying on them for updates have no reason to worry.
I'm only guessing, but I believe this means that the current stable release, 2.0.1, is safe.
http://www.freebsd.org/news/2012-compromise.html
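The FreeBSD notice quoted above ties exposure to third-party packages installed or updated between 19 September and 11 November 2012. One way to check a FreeBSD host against that window, as an added example that is not part of the original post or FreeBSD's own tooling: it assumes the legacy pkg_* database layout (`/var/db/pkg/<name>/+CONTENTS`), uses the hypothetical function names `pkgs_in_window` and `report`, and treats file mtime as a hint rather than proof.

```shell
#!/bin/sh
# Added example: list legacy pkg_* database entries whose +CONTENTS file was
# last modified inside the window named in the FreeBSD notice
# (19 September to 11 November 2012, local time).
# Assumptions: package records live at <pkgdb>/<name-version>/+CONTENTS, and
# find(1) supports -newermt (FreeBSD find and GNU find both do).
# mtime is only a hint: restores, clock changes or tampering can alter it.

WINDOW_START="2012-09-18 23:59:59"   # strictly newer than this = on/after 19 Sep
WINDOW_END="2012-11-11 23:59:59"     # not newer than this = on/before 11 Nov

# pkgs_in_window [pkgdb_dir]: print matching package names, one per line, sorted.
pkgs_in_window() {
    pkgdb="${1:-/var/db/pkg}"
    [ -d "$pkgdb" ] || { echo "no package database at $pkgdb" >&2; return 2; }
    find "$pkgdb" -mindepth 2 -maxdepth 2 -type f -name '+CONTENTS' \
        -newermt "$WINDOW_START" ! -newermt "$WINDOW_END" |
    while IFS= read -r f; do
        basename "$(dirname "$f")"
    done | sort
}

# report [pkgdb_dir]: return 0 if nothing falls in the window, 1 if something
# does, 2 if the package database directory is missing.
report() {
    hits="$(pkgs_in_window "${1:-}")" || return 2
    if [ -z "$hits" ]; then
        echo "No packages installed or updated in the window."
        return 0
    fi
    echo "Packages to review (installed or updated in the window):"
    echo "$hits" | sed 's/^/  /'
    return 1
}

# Stand-alone use: sh check_window.sh report [pkgdb_dir]
if [ "${1:-}" = "report" ]; then
    report "${2:-}"
    exit $?
fi
```

A package flagged here only needs a closer look (where it came from and whether it was fetched from the affected distribution sites); a clean result still depends on the timestamps being trustworthy.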
-
A package set for the upcoming FreeBSD 9.1-RELEASE had been uploaded to the FTP distribution sites in preparation for 9.1-RELEASE. We are unable to verify the integrity of this package set, and therefore it has been removed and will be rebuilt. Please note that as these packages were for a future release, the standard "pkg_add -r" tools to install packages could not have downloaded these packages unless they were requested explicitly.
We can confirm that the freebsd-update binary upgrade mechanism is unaffected, as it uses an entirely separate infrastructure. We have also verified that the most recently-available portsnap snapshot matches the ports Subversion repository, and so can be fully trusted. Please note that as a precaution, newer portsnap snapshots are currently not being generated.
Looks like pfSense is safe. We will be watching for an update from the crew here however…
-
I can't speak for pfSense Admin but I seriously doubt it affects pfSense users.
Both my computers are FreeBSD 9.0-RELEASE-p3 boxes and it didn't affect me in any way. I use portsnap to install programs and freebsd-update to update them and neither of those were impacted by the breach. I wouldn't think my pfSense box would have been affected either.
-
Doesn't have any effect on anything we do or any of our users.
-
@cmb:
Doesn't have any effect on anything we do or any of our users.
Thanks, just wanted to make sure.