OpenSSL vuln
jill
lists at bespokess.com
Tue Apr 8 10:00:34 MST 2014
Patches have been released overnight for:
CentOS 6.x: http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
RHEL 6.x: https://access.redhat.com/security/cve/CVE-2014-0160 https://rhn.redhat.com/errata/RHSA-2014-0376.html
Debian 7/Wheezy, 6/Squeeze via the security repo (make sure you have http://security.debian.org/ enabled): https://security-tracker.debian.org/tracker/CVE-2014-0160
Ubuntu 12.04, 12.10, 13.04: http://www.ubuntu.com/usn/usn-2165-1/
apt-get update / yum upgrade should do it.
Patch, patch, patch your servers, gently down the tubes... merrily, merrily, merrily, merrily, re-issue your certs.
Jill
On 2014-04-07 20:56, der.hans wrote:
>
> Based on the following page:
>
> OpenSSL heartbeat is enabled even if you're not using it unless you
> disabled it at compile time.
>
> The vulnerability has been in place for two years ( version 1.0.1 up until
> 1.0.1g that was just released ).
>
> It can be exploited to reveal your private key without leaving a trace.
>
> IDS can probably be configured to detect the attack.
>
> http://heartbleed.com/
>
> ciao,
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140408/2a34de03/attachment.html>
More information about the PLUG-discuss
mailing list