[Ukfreebsd] PCI vulnerability in OpenSSL 0.9.8e

O'Connor, Kevin KevinO'Connor at merseyfire.gov.uk
Wed Nov 7 11:02:31 GMT 2012 

Mervyn,

FreeBSD 7.1 went EOL 28th Feb 2011. This means that there has been no
security patches since then.
OpenSSL is currently 1.0.1_4

However I think if you try to run portsnap on that box to update the
installed software you will find lots of stuff might break.

Can I suggest you read the hand book on using freebsd-update to bring
the system up to 8.3 which will be supported until April 2014

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgra
ding.html


Regards

Kevin

-----Original Message-----
From: ukfreebsd-bounces at uk.freebsd.org
[mailto:ukfreebsd-bounces at uk.freebsd.org] On Behalf Of Mervyn Passmore
Sent: 07 November 2012 09:41
To: ukfreebsd at uk.freebsd.org
Subject: [Ukfreebsd] PCI vulnerability in OpenSSL 0.9.8e

My site has failed the PCI scan due to a' PCI vulnerability in OpenSSL
0.9.8e'. Their solution seems to be to upgrade to 0.9.8x but I was not
aware of having installed OpenSSL in the first place. Perhaps my Apache
2.2.22 did this or did it come with my FreeBSD 7.1?

 

Do I simply install the latest OpenSSL from my updated ports collection
or do I need to install a later version of Apache?  Help appreciated, 

Mervyn

 

_______________________________________________
Ukfreebsd mailing list
Ukfreebsd at uk.freebsd.org
http://mailman.uk.freebsd.org/mailman/listinfo/ukfreebsd
UK BSD Groups http://www.bsdgroups.org.uk Hosted by EXOnetric
http://www.exonetric.net
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this e-mail in error please notify the originator of the message. 

Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of Merseyside Fire & Rescue Service, (MFRS).

Incoming and outgoing emails may be monitored in line with current legislation.

Steps have been taken to ensure that this email and attachments are free from any virus.  In keeping with good computing practice the recipient should ensure they are actually virus free.

http://www.merseyfire.gov.uk/

More information about the Ukfreebsd mailing list