| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Apr 2014 00:52:29 -0700 From: Tim Heckman <tim+fd@...erduty.com> To: Douglas Held <risk@...glasheld.net> Cc: fulldisclosure@...lists.org, gb@...rau.lc Subject: Re: [FD] ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi) There are quite a few Homebrew[1] formula that depend on OpenSSL. They may be vulnerable to Heartbleed on OS X if 'brew update && brew upgrade' hasn't been ran and the machine rebooted. Attached at the bottom of this email[2] is the full list of the formula that depend on OpenSSL for one reason or another. Cheers! -Tim --- Tim Heckman Operations Engineer PagerDuty, Inc. [1] http://brew.sh/ [2] bind curl curl ejabberd elinks git imapfilter ircd-hybrid irssi ldns lftp liblacewing libssh2 libtorrent-rasterbar lynx midnight-commander mongodb monkeysphere mosquitto mutt mysql neon nginx nmap openconnect openlitespeed ori osslsigncode psqlodbc python python3 rtmpdump ruby-build ruby sipp spdylay strongswan stunnel subversion tomcat-native tor wget wrk zbackup On Wed, Apr 16, 2014 at 11:29 PM, Douglas Held <risk@...glasheld.net> wrote: > Hi Gabriel, > > In OS X there is no 'ldd' command. Instead, the synonym is: > > #!/bin/bash > /usr/bin/otool -L "$1" > > Also, I think you will find up to the latest OS X version (10.9.2 ?) the > bundled Openssl version is 0.9.8y. So, safe from Heartbleed unless the user > has installed a different openssl. > > Doug > risk@...glasheld.net > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists