[kwlug-disc] Heartbleed OpenSSL bug
hubert
hubert at uhoreg.ca
Tue Apr 8 12:17:51 EDT 2014
On Tue, 08 Apr 2014 11:40:42 -0400, "L.D. Paniak" <ldpaniak at fourpisolutions.com> said:
> As many of you already know, there is a critical flaw in OpenSSL
> versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
> access server (and client) memory. This version of OpenSSL is present
> in Ubuntu 12.04-present, Debian Wheezy, CentOS6.5 and newer BSDs among
> others and should be fixed ASAP - including regeneration of SSL keys
> and restarting of dependent services. Patched openssl packages are
> available for Debian (not for Jessie?) and Ubuntu systems.
For Debian Jessie, you should be able to just download the 1.0.1g
package for sid from here: https://packages.debian.org/sid/libssl1.0.0
More information about the kwlug-disc
mailing list