[wplug] Critical OpenSSL Bug "Heartbleed"
Brad Chamberlin
brad.chamberlin at gmail.com
Tue Apr 8 23:42:54 EDT 2014
https://www.ssllabs.com/ is now testing for this.
On Tue, Apr 8, 2014 at 9:59 PM, Martin James Gehrke
<martin at teamgehrke.com>wrote:
> Run the command:
>
> openssl version
>
> to get the version number of openssh. If the command shows e.g.:
>
> openssl version
> OpenSSL 1.0.1e 11 Feb 2013
>
> then your server might be vulnerable as the version is below 1.0.1g. But
> some Linux distributions patch packages, see below for instructions to find
> out if the package on your server has been patched.
>
> If your server uses a 0.9.8 release like it is used on Debian squeeze, then
> the server is not vulnerable as the heartbeat function has been implemented
> in OpenSSL 1.0.1 and later versions only.
>
> openssl version
> OpenSSL 0.9.8o 01 Jun 2010
>
>
> *
> http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix
> <
> http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix
> >*
>
>
> On Tue, Apr 8, 2014 at 4:25 PM, Bobbie Lynn Eicher
> <bobbie.eicher at gmail.com>wrote:
>
> > For anyone who hasn't seen the news yet, this is important.
> >
> > The short version is that they located a VERY serious bug in OpenSSL that
> > could reveal things like login credentials and encryption keys.
> >
> > A lot of people are going to need new passwords, and a lot of servers are
> > going to need new security certificates.
> >
> > http://heartbleed.com/
> >
> > A security researcher demonstrated on Yahoo Mail:
> >
> >
> http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
> > _______________________________________________
> > wplug mailing list
> > wplug at wplug.org
> > http://www.wplug.org/mailman/listinfo/wplug
> >
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
More information about the wplug
mailing list