[Infowarrior] - Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
Richard Forno
rforno at infowarrior.org
Mon Apr 7 21:50:00 CDT 2014
Begin forwarded message:
> From: Rich Kulawiec <rsk at gsp.org>
> Subject: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
> Date: April 7, 2014 at 9:27:40 PM EDT
>
> This reaches across many versions of Linux and BSD and, I'd presume,
> into some versions of operating systems based on them. OpenSSL is
> used in web servers, mail servers, VPNs, and many other places.
>
> Writeup:
> Heartbleed: Serious OpenSSL zero day vulnerability revealed
> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>
> Technical details:
> Heartbleed Bug
> http://heartbleed.com/
>
> OpenSSL versions affected (from link just above):
>
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable (released today, April 7, 2014)
> OpenSSL 1.0.0 branch is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
> Note that you can discern your OpenSSL version via:
>
> openssl version
>
> ---rsk
>
More information about the Infowarrior
mailing list