Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

• Previous message (by thread): Anternet
• Next message (by thread): Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'm really surprised no one has mentioned this here yet...

FYI,

- - ferg



Begin forwarded message:

> From: Rich Kulawiec <rsk at gsp.org> Subject: Serious bug in
> ubiquitous OpenSSL library: "Heartbleed" Date: April 7, 2014 at
> 9:27:40 PM EDT
> 
> This reaches across many versions of Linux and BSD and, I'd
> presume, into some versions of operating systems based on them.
> OpenSSL is used in web servers, mail servers, VPNs, and many other
> places.
> 
> Writeup: Heartbleed: Serious OpenSSL zero day vulnerability
> revealed 
> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>
>  Technical details: Heartbleed Bug http://heartbleed.com/
> 
> OpenSSL versions affected (from link just above):  OpenSSL 1.0.1
> through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT
> vulnerable (released today, April 7, 2014) OpenSSL 1.0.0 branch is
> NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable
> 


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlNDg9gACgkQKJasdVTchbIrAAD9HzKaElH1Tk0oIomAOoSOvfJf
3Dvt4QB54os4/yewQQ8A/0dhFZ/YuEdA81dkNfR9KIf1ZF72CyslSPxPvkDcTz5e
=aAzE
-----END PGP SIGNATURE-----

• Previous message (by thread): Anternet
• Next message (by thread): Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]