[kwlug-disc] Heartbleed OpenSSL bug

L.D. Paniak ldpaniak at fourpisolutions.com
Tue Apr 8 11:40:42 EDT 2014


As many of you already know, there is a critical flaw in OpenSSL
versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
access server (and client) memory.  This version of OpenSSL is present
in Ubuntu 12.04-present, Debian Wheezy, CentOS6.5 and newer BSDs among
others and should be fixed ASAP - including regeneration of SSL keys and
restarting of dependent services.  Patched openssl packages are
available for Debian (not for Jessie?) and Ubuntu systems.

Links:
http://heartbleed.com/
http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl
http://www.ubuntu.com/usn/usn-2165-1/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743883




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140408/e8a22fc5/attachment.bin>


More information about the kwlug-disc mailing list