LUG Castegnato - Linux Users Group Castegnato / i siti colpiti dal BUGS openSSL -- ATTENZIONE controllate bene

LUG Castegnato - Linux Users Group Castegnato

Linux User Group Castegnato - BS

Non hai eseguito l'accesso.

#1 12-04-2014 10:38:18

Ken Parker
Moderator
Registrato: 14-03-2008
Messaggi: 736
Sito web

i siti colpiti dal BUGS openSSL -- ATTENZIONE controllate bene

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Vulnerable OpenSSL versions are those from 1.0.1 to 1.0.1f inclusive. Version 1.0.1g and forward contain the fix. Other versions of OpenSSL not in the 1.0.1 release branch, such as 1.0.0 or 0.9.8 are not vulnerable.



http://www.cnet.com/how-to/which-sites- … bleed-bug/


Coltiva Linux, perchč Windows si pianta da solo

Non in linea

 

Footer forum

Powered by PunBB
© Copyright 2002–2008 PunBB