[kwlug-disc] Heartbleed OpenSSL bug

hubert hubert at uhoreg.ca
Tue Apr 8 12:17:51 EDT 2014


On Tue, 08 Apr 2014 11:40:42 -0400, "L.D. Paniak" <ldpaniak at fourpisolutions.com> said:

> As many of you already know, there is a critical flaw in OpenSSL
> versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
> access server (and client) memory.  This version of OpenSSL is present
> in Ubuntu 12.04-present, Debian Wheezy, CentOS6.5 and newer BSDs among
> others and should be fixed ASAP - including regeneration of SSL keys
> and restarting of dependent services.  Patched openssl packages are
> available for Debian (not for Jessie?) and Ubuntu systems.

For Debian Jessie, you should be able to just download the 1.0.1g
package for sid from here: https://packages.debian.org/sid/libssl1.0.0




More information about the kwlug-disc mailing list