Serious OpenSSL vulnerability
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Apr 8 09:55:39 UTC 2014
https://www.openssl.org/news/secadv_20140407.txt
See also http://heartbleed.com/ and
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
This is potentially very serious and can cause leakage of private keys
and other information.
The current version of OpenSSL on Fedora (standard repos and Koji) is
1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
provided urgently.
poc
More information about the users
mailing list