[afnog] Time to update openssl
Seun Ojedeji
seun.ojedeji at gmail.com
Tue Apr 8 04:49:10 UTC 2014
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
What I find interesting is that older versions are safe, perhaps a
disadvantage for doing updates ;) but again one may argue that the older
version are not necessarily free of other known bugs.
Thanks for the share Phil. I hope this updates will have been ported to all
the destro package source.... wew!
Cheers!
sent from Google nexus 4
kindly excuse brevity and typos.
On 7 Apr 2014 23:26, "Phil Regnauld" <regnauld at nsrc.org> wrote:
> http://heartbleed.com
>
> The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library. This weakness allows stealing the
> information protected, under normal conditions, by the SSL/TLS
> encryption used to secure the Internet. SSL/TLS provides communication
> security and privacy over the Internet for applications such as web,
> email, instant messaging (IM) and some virtual private networks (VPNs).
>
> The Heartbleed bug allows anyone on the Internet to read the memory
> of the systems protected by the vulnerable versions of the OpenSSL
> software. This compromises the secret keys used to identify the service
> providers and to encrypt the traffic, the names and passwords of the
> users and the actual content. This allows attackers to eavesdrop
> communications, steal data directly from the services and users and to
> impersonate services and users.
>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20140408/ce8860fe/attachment.html>
More information about the afnog
mailing list