The Heartbleed Bug is a serious vulnerability in OpenSSL (fwd)

Tim Tisdall tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org
Wed Apr 9 14:29:14 UTC 2014


For anyone who wants to test their site:  http://filippo.io/Heartbleed/

It seems to be limited, though.


On 8 April 2014 12:06, Digimer <lists-5ZoueyuiTZiw5LPnMra/2Q at public.gmane.org> wrote:

> CentOS, RHEL and Fedora updates came out last night, under 2 hours from
> the CVE to patch availability, I believe. Lots of folks pulled late nights
> yesterday...
>
> Note that anyone affected should replace their SSL certs. It's probably not
> a bad idea to update your passwords/keys of anything stored in memory, like
> LUKS encryption keys, SSL certs, etc.
>
>
> On 08/04/14 11:43 AM, D. Hugh Redelmeier wrote:
>
>> This bug is in all current Linux systems.  It is serious.
>>
>> What should you do?
>> (1) Avoid things involving OpenSSL.  You might not be using OpenSSL
>>      anyway.
>> (2) Do updates in a day or so when the fixes ought to be out.
>>
>> More details:
>>
>> OpenSSL is a library used for SSL and TLS, the crypto behind HTTPS
>> (secure web sites).  And a bunch of other things.
>>
>> I think that Firefox and Chrome use a different implementation (NSS) and
>> should be safe.  (Interestingly, Google announced recently that it
>> intends to migrate Chrome to OpenSSL.)
>>
>> OpenSSL typically would be used for server processes and a few clients
>> (mail server and client, web servers, OpenVPN, ...).
>>
>> Some things would be using GnuTLS instead of OpenSSL.
>>
>> Here are the not-yet-released Fedora updates:
>> https://admin.fedoraproject.org/updates/openssl/
>>
>> This is one Patch Tuesday we share with the Windows folk (and the last
>> one for WinXP).
>>
>> ---------- Forwarded message ----------
>> From: Edwin Chu <edwincheese-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
>> To: cryptography-of7zbby7T3pWk0Htik3J/w at public.gmane.org, cryptography-JWVWRpNfo5ceIZ0/mPfg9Q at public.gmane.org
>> Date: Mon, 7 Apr 2014 14:53:06 -0700
>> Subject: [Cryptography] The Heartbleed Bug is a serious vulnerability in
>> OpenSSL
>>
>> Hi
>>
>> The latest story for OpenSSL
>>
>> http://heartbleed.com/
>>
>> The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
>> cryptographic software library. This weakness allows stealing the
>> information protected, under normal conditions, by the SSL/TLS encryption
>> used to secure the Internet. SSL/TLS provides communication security and
>> privacy over the Internet for applications such as web, email, instant
>> messaging (IM) and some virtual private networks (VPNs).
>>
>> The Heartbleed bug allows anyone on the Internet to read the memory of the
>> systems protected by the vulnerable versions of the OpenSSL software. This
>> compromises the secret keys used to identify the service providers and to
>> encrypt the traffic, the names and passwords of the users and the actual
>> content. This allows attackers to eavesdrop on communications, steal data
>> directly from the services and users and to impersonate services and
>> users.
>>
>>
>> ed
>> --
>> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>>
>>
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?