[kwlug-disc] Heartbleed OpenSSL bug

CrankyOldBugger crankyoldbugger at gmail.com
Tue Apr 8 12:09:02 EDT 2014


I just ran apt-get update && apt-get dist-upgrade on my Ubuntu 13.10 laptop
and saw both openSSL client and server in the mix, so, as stated by the OP,
fixes are out there...



On 8 April 2014 11:54, Adam Glauser <adamglauser at gmail.com> wrote:

> On Tue, Apr 8, 2014 at 11:40 AM, L.D. Paniak <ldpaniak at fourpisolutions.com
> > wrote:
>
>> As many of you already know, there is a critical flaw in OpenSSL
>> versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
>> access server (and client) memory.
>
>
> Regarding client software:
> You can check Cygwin systems as follows: `cygcheck -l | grep cygssl`
> Firefox and Chrome/Chromium use NSS instead of OpenSSL, so are not
> vulnerable.
>
> Also, there is a command-line tester tool you can use to check your sites.
> [1] There is also a web tester at http://filippo.io/Heartbleed/, though
> it seems to be having load problems (surprise!).
>
> Does anyone know if Android apps typically provide their own SSL
> implementation? That is, does each app need updating?
>
> [1] https://github.com/FiloSottile/Heartbleed
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140408/b9609de2/attachment.html>


More information about the kwlug-disc mailing list