Your server talks SPDY. Have you upgraded mod_spdy to 0.9.4.2? (For mod_spdy you need an Apache HTTP Server 2.4.X; in squeeze there is only 2.2.16 ...)

> Sent: Friday, 11 April 2014 at 17:26
> From: daniel <dan...@noflag.org.uk>
> To: debian-security@lists.debian.org
> Cc: "- Noflag" <ad...@lists.noflag.org.uk>
> Subject: Re: [SECURITY] [DSA 2896-1] openssl security update
>
> Dear all,
>
> We are very concerned about the 'Heartbeat' security problem which has
> been discovered with OpenSSL. Thanks to our out-of-date old-stable
> version of debian, we are using:
>
> openssl 0.9.8o-4squeeze14
>
> This page also claims debian 6 (which we use) is unaffected:
> https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
>
> as does the text of the DSA below.
>
> However, both of the heartbeat vulnerability checkers we have used have
> told us that they were able to successfully exploit this vulnerability
> against our site:
>
> http://filippo.io/Heartbleed/#noflag.org.uk
> https://www.ssllabs.com/ssltest/analyze.html?d=noflag.org.uk
>
> What could be going on here?
>
> Thanks in advance for all your help,
>
> Daniel
>
> Salvatore Bonaccorso wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2896-1                   secur...@debian.org
> > http://www.debian.org/security/                      Salvatore Bonaccorso
> > April 07, 2014                         http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> >
> > Package        : openssl
> > CVE ID         : CVE-2014-0160
> > Debian Bug     : 743883
> >
> > A vulnerability has been discovered in OpenSSL's support for the
> > TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client
> > or server can be recovered by an attacker. This vulnerability might
> > allow an attacker to compromise the private key and other sensitive
> > data in memory.
> >
> > All users are urged to upgrade their openssl packages (especially
> > libssl1.0.0) and restart applications as soon as possible.
> >
> > According to the currently available information, private keys should
> > be considered as compromised and regenerated as soon as possible.
> > More details will be communicated at a later time.
> >
> > The oldstable distribution (squeeze) is not affected by this
> > vulnerability.
> >
> > For the stable distribution (wheezy), this problem has been fixed in
> > version 1.0.1e-2+deb7u5.
> >
> > For the testing distribution (jessie), this problem has been fixed
> > in version 1.0.1g-1.
> >
> > For the unstable distribution (sid), this problem has been fixed in
> > version 1.0.1g-1.
> >
> > We recommend that you upgrade your openssl packages.
> >
> > Further information about Debian Security Advisories, how to apply
> > these updates to your system and frequently asked questions can be
> > found at: http://www.debian.org/security/
> >
> > Mailing list: debian-security-annou...@lists.debian.org
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: https://lists.debian.org/534809aa.2000...@noflag.org.uk

Archive: https://lists.debian.org/trinity-f3090dbc-834c-45ec-8cca-501d4781f536-1397231562657@3capp-gmx-bs20
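
The mismatch discussed in this thread (the squeeze package is 0.9.8o, yet scanners report Heartbleed) is what you would see if a server module carried its own copy of OpenSSL instead of using the system libssl. The following is an added example, not part of the original messages: it scans a binary for embedded OpenSSL version banners and flags the upstream range affected by CVE-2014-0160 (1.0.1 through 1.0.1f). The function names and sample bytes are constructed for illustration, and the versions in the samples are not taken from any real mod_spdy build.

```python
import re
import sys

# OpenSSL compiles a banner such as b"OpenSSL 1.0.1e 11 Feb 2013" into the
# library; a statically linked copy carries the same string inside the module.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*) ")


def heartbleed_affected(base: str, letter: str) -> bool:
    """Upstream releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f."""
    return base == "1.0.1" and letter in ("", "a", "b", "c", "d", "e", "f")


def embedded_openssl(blob: bytes):
    """Return sorted (version, affected) pairs for each banner found in blob."""
    found = set()
    for match in BANNER.finditer(blob):
        base = match.group(1).decode()
        letter = match.group(2).decode()
        found.add((base + letter, heartbleed_affected(base, letter)))
    return sorted(found)


def scan_file(path: str):
    """Scan one file on disk, e.g. a module under Apache's modules directory."""
    with open(path, "rb") as handle:
        return embedded_openssl(handle.read())


# Constructed sample bytes (not real binaries): one standing in for the
# distribution's libssl, one for a module that bundles a newer OpenSSL.
SAMPLE_SYSTEM_LIB = b"\x7fELF\x00libssl\x00OpenSSL 0.9.8o 01 Jun 2010\x00"
SAMPLE_BUNDLED_MODULE = b"\x7fELF\x00mod_ssl\x00OpenSSL 1.0.1e 11 Feb 2013\x00"

if __name__ == "__main__":
    # Usage: python scan_openssl.py /path/to/module.so [more files ...]
    for path in sys.argv[1:]:
        for version, affected in scan_file(path):
            status = "in Heartbleed range" if affected else "outside range"
            print(f"{path}: OpenSSL {version} ({status})")
```

A banner match is only a heuristic: distribution builds with a backported fix, such as wheezy's 1.0.1e-2+deb7u5 named in the DSA, still carry the 1.0.1e banner, so confirm against the package version or the vendor's release notes.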