While LibreSSL is still in heavy development, the OpenBSD project considers that it is suitable for use as a substitute. The OpenSSL vulnerability, which came to be known as Heartbleed, was discovered by security researchers in April.
The bug allowed anyone on the internet to read the memory of systems protected by the vulnerable versions of OpenSSL software. This compromised the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content and allowed attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
When OpenBSD began the process of forking the OpenSSL codebase, OpenBSD founder Theo de Raadt said, "We make no promises to anyone else at this point. The codebase we are starting from is very bad. We are first trying to make this fit for our own purposes, then more generally fit for purpose. Current OpenSSL does not meet that standard by any stretch of the imagination."
|
The release still includes MySQL as the database and has recent versions of the GNOME and KDE desktop environments.
OpenBSD is unique in one respect - every release has an accompanying song. The melody for 5.6 is here.
OpenBSD is a UNIX-like operating system that has a very good reputation for security; it runs some of the websites with the longest uptimes. The project also produces a version of SSH which is used very widely, on all operating systems.
Image shows the logo for OpenBSD version 5.6 and is courtesy the OpenBSD project.