<p dir="ltr">Status of different versions:</p>
<p dir="ltr">OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable<br>
OpenSSL 1.0.1g is NOT vulnerable<br>
OpenSSL 1.0.0 branch is NOT vulnerable<br>
OpenSSL 0.9.8 branch is NOT vulnerable</p>
<p dir="ltr">What I find interesting is that older versions are safe, perhaps a disadvantage for doing updates ;) but again one may argue that the older version are not necessarily free of other known bugs. </p>
<p dir="ltr">Thanks for the share Phil. I hope this updates will have been ported to all the destro package source.... wew!</p>
<p dir="ltr">Cheers!</p>
<p dir="ltr">sent from Google nexus 4<br>
kindly excuse brevity and typos.</p>
<div class="gmail_quote">On 7 Apr 2014 23:26, "Phil Regnauld" <<a href="mailto:regnauld@nsrc.org">regnauld@nsrc.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<a href="http://heartbleed.com" target="_blank">http://heartbleed.com</a><br>
<br>
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL<br>
cryptographic software library. This weakness allows stealing the<br>
information protected, under normal conditions, by the SSL/TLS<br>
encryption used to secure the Internet. SSL/TLS provides communication<br>
security and privacy over the Internet for applications such as web,<br>
email, instant messaging (IM) and some virtual private networks (VPNs).<br>
<br>
The Heartbleed bug allows anyone on the Internet to read the memory<br>
of the systems protected by the vulnerable versions of the OpenSSL<br>
software. This compromises the secret keys used to identify the service<br>
providers and to encrypt the traffic, the names and passwords of the<br>
users and the actual content. This allows attackers to eavesdrop<br>
communications, steal data directly from the services and users and to<br>
impersonate services and users.<br>
<br>
<br>
<br>
_______________________________________________<br>
afnog mailing list<br>
<a href="http://afnog.org/mailman/listinfo/afnog" target="_blank">http://afnog.org/mailman/listinfo/afnog</a><br>
</blockquote></div>