Serious bug in ubiquitous OpenSSL library: "Heartbleed"

Paul S. contact at winterei.se
Wed Apr 9 12:21:50 UTC 2014


If you built anything against the vulnerable library (esp static linked 
stuff), you'll need to rebuild those too.

On 4/8/2014 09:18 PM, David Hubbard wrote:
> Don't forget to restart every daemon that was using the old library as
> well, or just reboot.
>
> -----Original Message-----
> From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
> Sent: Tuesday, April 08, 2014 1:19 AM
> To: nanog at nanog.org
> Subject: Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
>
> Not just run the updates -- all private keys should be changed too, on
> the assumption that they've been compromised already.  THAT is going to
> be the crappy part of this.
>
> - Pete
>
>
> On 4/8/2014 1:13 AM, David Hubbard wrote:
>> RHEL and CentOS both have patches out as of a couple hours ago, so run
>> those updates!  CentOS' mirrors do not all have it yet, so if you are
>> updating, make sure you get the
>> 1.0.1e-16.el6_5.7 version and not older.
>>
>> David
>>
>> -----Original Message-----
>> From: Paul Ferguson [mailto:fergdawgster at mykolab.com]
>> Sent: Tuesday, April 08, 2014 1:07 AM
>> To: NANOG
>> Subject: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
>>
>>
>> I'm really surprised no one has mentioned this here yet...
>>
>> FYI,
>>
>> - - ferg
>>
>>
>>
>> Begin forwarded message:
>>
>>> From: Rich Kulawiec <rsk at gsp.org>
>>> Subject: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
>>> Date: April 7, 2014 at 9:27:40 PM EDT
>>>
>>> This reaches across many versions of Linux and BSD and, I'd presume,
>>> into some versions of operating systems based on them.
>>> OpenSSL is used in web servers, mail servers, VPNs, and many other
>>> places.
>>>
>>> Writeup: Heartbleed: Serious OpenSSL zero day vulnerability revealed
>>> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>>>
>>>    Technical details: Heartbleed Bug http://heartbleed.com/
>>>
>>> OpenSSL versions affected (from link just above):
>>>   OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
>>>   OpenSSL 1.0.1g is NOT vulnerable (released today, April 7, 2014)
>>>   OpenSSL 1.0.0 branch is NOT vulnerable
>>>   OpenSSL 0.9.8 branch is NOT vulnerable
>>>
>> - --
>> Paul Ferguson
>> VP Threat Intelligence, IID
>> PGP Public Key ID: 0x54DC85B2
>
>
>
>
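
The restart advice in this thread can be verified instead of assumed: on Linux, a daemon started before the package update keeps the old library mapped, and /proc/<pid>/maps marks that file "(deleted)". The script below is an added example, not part of the original messages; its function names and the sample maps text are constructed for illustration, and it cannot see statically linked binaries, which need the rebuild mentioned at the top of the thread.

```python
import os
import re

# Shared objects shipped by OpenSSL: libssl and libcrypto, any version suffix.
_LIB_RE = re.compile(r"/lib(?:ssl|crypto)[^/]*\.so[^/]*$")
_DELETED = " (deleted)"

def stale_openssl_mappings(maps_text):
    """Return sorted libssl/libcrypto paths that are mapped but gone from disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Format: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5]
        if path.endswith(_DELETED):
            path = path[:-len(_DELETED)]
            if _LIB_RE.search(path):
                stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale library paths for every readable process (Linux only)."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_openssl_mappings(fh.read())
        except OSError:
            continue  # process exited, or we lack permission to read it
        if stale:
            findings[int(entry)] = stale
    return findings

# Constructed sample: a daemon started before the OpenSSL package was updated.
SAMPLE_MAPS = """
7f1c29c00000-7f1c29db5000 r-xp 00000000 fd:00 131338 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1c2a000000-7f1c2a05f000 r-xp 00000000 fd:00 131337 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2a25f000-7f1c2a263000 r--p 0005f000 fd:00 131337 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2b000000-7f1c2b18a000 r-xp 00000000 fd:00 131001 /lib64/libc-2.12.so
7f1c2c000000-7f1c2c021000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    print("sample:", stale_openssl_mappings(SAMPLE_MAPS))
    if os.path.isdir("/proc"):
        for pid, libs in sorted(scan_proc().items()):
            print(pid, "still maps", ", ".join(libs), "-> restart it")
```

Run it as root so every process's maps file is readable; an empty result after the update and restarts means no running process still holds the old shared library.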
