What versions of the OpenSSL are affected? Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable On Tue, Apr 8, 2014 at 11:48 PM, Bogi <khan...@shaw.ca> wrote: > I do understand that it is half of the problem, but it is also important to > know that most servers do not use the vulnerable package, they use an older > one afaik. > > Cheers > Sam > > On April 8, 2014 Tuesday 23:42:45 Anand Singh wrote: > > Just remember that patching your local installation doesn't make you safe > > from this exploit (unless you were patching a Mageia 4 server for the > > benefit of your users). On the upside, Theo has a remote hole to patch. > > > > Anand. > > > > On Tuesday, April 8, 2014, Bogi <khan...@shaw.ca> wrote: > > > Good, I have got it patched yesterday :-) > > > And OpenSSH today .... > > > > > > :-) > > > > > > Mageia 4 > > > > > > Cheers > > > Sam > > > > > > On April 8, 2014 Tuesday 22:17:34 Dafydd Crosby wrote: > > > > Just thought I'd pass along a problem that was discovered in OpenSSL > - > > > > http://heartbleed.com > > > > Basically, there's a bug in OpenSSL 1.0.1-1.0.1f that lets you pull > all > > > > sorts of stuff from an OpenSSL-based connection that uses SSL > > > > heartbeats. > > > > It's bad enough that I called my parents to tell them to hold off on > > > > > > online > > > > > > > banking until they can confirm the bank's have got it patched. > > > > > > > > -David > > > _______________________________________________ > clug-talk mailing list > clug-talk@clug.ca > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list clug-talk@clug.ca http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
