It's time to update your OpenSSL libraries AGAIN
So... as the title says.
More info here - http://www.openssl.org/news/secadv_20140605.txt
Comments
Seems like updates did not hit the CentOS repo yet. Time to do a manual installation.
Good that we use PolarSSL instead ....
Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1
The last update on Cent brought it up to 1.0.1e-fips; wonder if that is also vulnerable.
Not popular != not vulnerable.
Debian wheezy did have an update, and it's 1.0.1e-something.
1.0.1e-2+deb7u10
From what I can see, you're only likely to be vulnerable to this if you did not update during Heartbleed.
Also, it is a rather complicated setup which involves a lot of conditions. Sure, an upgrade is needed, but it's very far from HB's huge impact.
edit: it's now in at least some mirrors.
What do you mean AGAIN? Update is a very normal thing to do daily, weekly, monthly, etc. Don't tell me you are going to create a thread to update your antivirus AGAIN.
Agreed, however there is nonetheless a difference between a regular update and the frenzy a few weeks ago.
He tries to make the point that OpenSSL is insecure. I am not sure whether this is because it is insecure by design, or the code is poorly written, or only by chance; after the HB bug people started to look closer, maybe. It might be like with Solus.
Thanks. Debian had the updated version, but like always, it doesn't like to restart the affected services.
rolls eyes
CentOS has updated, guys.
NSA backdoors
Or aliens.
Yeah, that was my take on it. I saw the alert this morning and then read over some of the report. Don't think I'll be losing sleep over this one. If the first sign to you that something is wrong is the indication that a man-in-the-middle attack is an active reality for you, and you need an OpenSSL error to tell you that, you probably aren't having a good day on average. Then again, maybe the exploit adds more desire for people who actually are in the middle (read: shady providers) to perform MITM attacks, I don't know. My mind just floats more toward virus-infected local systems.