Heartbleed bug - does it affect pfs 2.1?
-
I did a look around the interface and I don't see any references to package versions or anything like that.. i'm sure this would have come up if it was but I might as well ask.
http://heartbleed.com/
OpenVPN uses openSSL as far as I know, so.. affected or not?
-
Yes. An update is coming soon.
-
@cmb:
Yes. An update is coming soon.
In the form of a firmware update or..? what version will be the patched version?
-
update here. https://forum.pfsense.org/index.php?topic=74796.msg408899#msg408899
-
Just a reference for anyone searching the forums, the official reference for the bug is CVE-2014-0160
-
If pfsense 2.1 uses openssl-1.0.0_10 it shouldn't be affected by this bug. Isn't it?
-
If pfsense 2.1 uses openssl-1.0.0_10 it shouldn't be affected by this bug. Isn't it?
2.1 and 2.1.1 have vulnerable openssl versions.
https://pfsense.org/security/advisories/pfSense-SA-14_04.openssl.asc