NetBSD 7.0.2 is here! This release fixes a number of small bugs that cropped up since 7.0.1. Most notably, OpenSSL updates from 1.0.1s to 1.0.1u, fixing a number of CVEs in the process. The official announcment and binary builds are now up on the site!
Although not really a proper security advisory because the base system appears to be safe( see my previous article, DROWN: Vunerable? Not exactly! ), installing some packages can make your NetBSD installs vulnerable to DROWN. By default, Apache 2.2 and a number of other packages enable SSLv2 and v3 out of the box, and without the … Continue reading Security Advisory: NetBSD upgrades to OpenSSL 1.0.1s
Apology from the Writer: Excuse the kitschy title image, but it really seems like everyone already thinks of SSL as little locks on the intertubes, so I really just had to go along with it! Public disclosure of the DROWN attack is a little over a week old now, but for the end user it can … Continue reading DROWN: Vulnerable? Not exactly!