Serious OpenSSL vulnerability
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Apr 8 10:00:03 UTC 2014
On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote:
> https://www.openssl.org/news/secadv_20140407.txt
>
> See also http://heartbleed.com/ and
> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
> This is potentially very serious and can cause leakage of private keys
> and other information.
>
> The current version of OpenSSL on Fedora (standard repos and Koji) is
> 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
> provided urgently.
Correction: a patched version of 1.0.1e is available on Koji
http://koji.fedoraproject.org/koji/buildinfo?buildID=509741 Presumably
it will make its way to the repos.
poc
More information about the users
mailing list