Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: heartbleed OpenSSL bug CVE-2014-0160

From: Joerg Mertin <smurphy () solsys org>
Date: Tue, 08 Apr 2014 10:23:26 +0200
Ubuntu already has released:
http://www.ubuntu.com/usn/usn-2165-1/

My server updated during the night :}

On Monday 07 April 2014 23:09:58 David H wrote:

RHEL update just released, hopefully CentOS soon:
https://rhn.redhat.com/errata/RHSA-2014-0376.html


On Mon, Apr 7, 2014 at 8:10 PM, Kirils Solovjovs <

kirils.solovjovs () kirils com> wrote:

We are doomed.

Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or
server.

1.0.1[ abcdef] affected.


P.S. Happy Monday!

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


-- 
A day without sunshine is like a day without Anita Bryant.
------------------------------------------------------------------------
Joerg Mertin in Clermont/France
Web: http://www.solsys.org
PGP: Public Key Server - Get "0x159DC660F946126F"


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: