[wplug] Critical OpenSSL Bug "Heartbleed"

Martin James Gehrke martin at teamgehrke.com
Tue Apr 8 21:59:55 EDT 2014


Run the command:

openssl version

to get the version number of openssh. If the command shows e.g.:

openssl version
OpenSSL 1.0.1e 11 Feb 2013

then your server might be vulnerable as the version is below 1.0.1g. But
some Linux distributions patch packages, see below for instructions to find
out if the package on your server has been patched.

If your server uses a 0.9.8 release like it is used on Debian squeeze, then
the server is not vulnerable as the heartbeat function has been implemented
in OpenSSL 1.0.1 and later versions only.

openssl version
OpenSSL 0.9.8o 01 Jun 2010


http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix


On Tue, Apr 8, 2014 at 4:25 PM, Bobbie Lynn Eicher
<bobbie.eicher at gmail.com> wrote:

> For anyone who hasn't seen the news yet, this is important.
>
> The short version is that they located a VERY serious bug in OpenSSL that
> could reveal things like login credentials and encryption keys.
>
> A lot of people are going to need new passwords, and a lot of servers are
> going to need new security certificates.
>
> http://heartbleed.com/
>
> A security researcher demonstrated on Yahoo Mail:
>
> http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
>
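
The version triage described in the message above, written out as a script. This is an added example, not part of the original post or the linked article. The function name and result labels are made up for illustration, and the result for 1.0.1 through 1.0.1f is deliberately "check-package" because distributions backport the fix without changing the version string.

```shell
#!/bin/sh
# classify_openssl_version "<one line of 'openssl version' output>"
# Prints one of (hypothetical labels):
#   not-affected    release older than 1.0.1, no heartbeat support
#   check-package   1.0.1 .. 1.0.1f upstream; may or may not be patched by the distro
#   fixed-upstream  1.0.1g or a later 1.0.1 letter release
#   unknown         anything this page gives no guidance for
classify_openssl_version() {
    # Second field is the version, e.g. "1.0.1e" in "OpenSSL 1.0.1e 11 Feb 2013".
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$ver" in
        "")
            echo "unknown" ;;
        0.*|1.0.0*)
            echo "not-affected" ;;
        # Letters are listed explicitly so the match does not depend on locale.
        1.0.1|1.0.1-fips|1.0.1[abcdef]|1.0.1[abcdef]-*)
            echo "check-package" ;;
        1.0.1[ghijklmnopqrstuvwxyz]*)
            echo "fixed-upstream" ;;
        *)
            echo "unknown" ;;
    esac
}

# Classify the OpenSSL binary found on this host's PATH.
check_local_openssl() {
    if command -v openssl >/dev/null 2>&1; then
        classify_openssl_version "$(openssl version)"
    else
        echo "unknown"
    fi
}

# Run the classifier over sample lines: the first two are the outputs quoted
# in the message, the last two are constructed for this example.
demo() {
    while IFS= read -r line; do
        printf '%-40s %s\n' "$line" "$(classify_openssl_version "$line")"
    done <<'EOF'
OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 0.9.8o 01 Jun 2010
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1g 7 Apr 2014
EOF
}
```

Source the file and call `demo` or `check_local_openssl`; a "check-package" result means the package changelog or vendor advisory still has to be consulted.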

