FYI
-------- Original Message -------- Subject: FLASH: Internet Storm Center Briefing on Today's OpenSSL Security Patches Date: Thu, 5 Jun 2014 14:37:10 +0000 From: SANS Institute sans@sans.org Reply-To: sans@sans.org
FLASH: Internet Storm Center Briefing on Today's OpenSSL Security Patches
Today, Thursday, June 05 at 12:00 PM EDT (16:00:00 UTC)
OpenSSL today released an critical update, patching 6 different vulnerabilities, one of which can lead to remote code execution. After heartbleed, system administrators are rightfully nervous about any new OpenSSL issues. In this webcast, we will discuss the impact of the vulnerabilities patched today, how to find out if you are vulnerable and which systems to patch first.
Register here: https://www.sans.org/webcasts/98445
********************
On Thu, Jun 05, 2014 at 09:51:09AM -0500, Steven Stern wrote:
OpenSSL today released an critical update, patching 6 different vulnerabilities, one of which can lead to remote code execution. After
Fedora has an update that should be rolling out soon.
On 05.06.2014, Matthew Miller wrote:
Fedora has an update that should be rolling out soon.
And while we are waiting: http://tinyurl.com/o3glbta
On Thu, Jun 05, 2014 at 09:00:50PM +0200, Heinz Diehl wrote:
On 05.06.2014, Matthew Miller wrote:
Fedora has an update that should be rolling out soon.
And while we are waiting: http://tinyurl.com/o3glbta
Updates for that issue (CVE-2014-3466) have been available for some time, I believe -- for example, gnutls-3.1.25-1.fc20.
On Thu, 5 Jun 2014 21:00:50 +0200 Heinz Diehl htd@fritha.org wrote:
On 05.06.2014, Matthew Miller wrote:
Fedora has an update that should be rolling out soon.
And while we are waiting: http://tinyurl.com/o3glbta
Thats talking about the gnutls bug a few days ago.
That update is already in fedora stable updates:
https://admin.fedoraproject.org/updates/FEDORA-2014-6891/gnutls-3.1.25-1.fc2... https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc1...
kevin
On 05.06.2014, Kevin Fenzi wrote:
https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc1...
Is the patch backported to that version? The bug is fixed in 3.1.25, but not in 3.1.20.
On Thu, 5 Jun 2014 21:26:21 +0200 Heinz Diehl htd@fritha.org wrote:
On 05.06.2014, Kevin Fenzi wrote:
https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc1...
Is the patch backported to that version? The bug is fixed in 3.1.25, but not in 3.1.20.
Yes. The maintainer decided that backporting to the older version was better than updating a stable release. (I don't know off hand the changes between 3.1.20 and 3.1.25).
kevin
-
Heinz Diehl -
Kevin Fenzi -
Matthew Miller -
Paul W. Frields -
SternData