FreeBSD includes software from the OpenSSL project. A flaw in the OpenSSL handling of OCSP response verification could be exploited,to cause a denial of service attack.
The original topic from Security Advisory can be checked here.
It explains the problem and how to fix the source code of your current installation.
I used the second solution which is “To update your vulnerable system via a source code patch:” a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
1 2 3 4 5 6 7 8 9 | |
I’m using RELEASE-9.0 at the time of this writing, so I used the first method.
If you don’t have PGP installed yet, you will have to get GNUPG using the following commands,
1 2 3 4 5 6 | |
You also need to download the Security Officer PGP Key and import it.
1 2 | |
Now you have the Security Advisor publick key installed, you can go ahead and verify the downloaded patch using the gpg —verify command,
You made it that far, now apply the patch (in my case it was located in my home directory), b) Execute the following commands as root:
1 2 | |
Then buildworld and installworld (for more info consult the Handbook)
This will take a while, so go pray or read a book =)
1 2 3 | |
Now you need to restart your machine,
1
| |
That’s all folks.
P.S Consult the original topic: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:03.openssl.asc