Bug 190802 - Metasploit Update to 4.9.3 [Addresses CVE-2014-0224]
Summary: Metasploit Update to 4.9.3 [Addresses CVE-2014-0224]
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Danilo Egea Gondolfo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-08 19:36 UTC by tanawts
Modified: 2014-06-08 21:26 UTC (History)
1 user (show)

See Also:

Attachments
Patch file to update from 4.9.2 to 4.9.3 (1.20 KB, text/plain)
2014-06-08 19:36 UTC, tanawts 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description tanawts 2014-06-08 19:36:50 UTC 
Created attachment 143540 [details]
Patch file to update from 4.9.2 to 4.9.3

This updates Metasploit to 4.9.3.
 
This addresses CVE-2014-0224 (OpenSSL SSL/TLS MITM vulnerability).  All components have been recompiled with non-vulnerable versions of OpenSSL, including:
Nginx - OpenSSL 1.0.1h
Nmap - OpenSSL 1.0.1h
PostgreSQL - OpenSSL 1.0.1h
Ruby - OpenSSL 1.0.1h on Linux, OpenSSL 1.0.0m on Windows
Meterpreter Windows - OpenSSL 0.9.8za
Comment 1 commit-hook freebsd_committer freebsd_triage 2014-06-08 21:21:51 UTC 
A commit references this bug:

Author: danilo
Date: Sun Jun  8 21:21:33 UTC 2014
New revision: 357074
URL: http://svnweb.freebsd.org/changeset/ports/357074

Log:
  - Update from 4.9.2 to 4.9.3

  PR:		ports/190802
  Submitted by:	tanawts@gmail.com

Changes:
  head/security/metasploit/Makefile
  head/security/metasploit/distinfo
Comment 2 Danilo Egea Gondolfo freebsd_committer freebsd_triage 2014-06-08 21:26:03 UTC 
Committed with minimal changes. Thanks!