more news: https://www.openssl.org/news/
2014-04-14 3:35 GMT-03:00 Roberto Spadim <robe...@spadim.com.br>:

> from what I know:
> https://www.openssl.org/news/secadv_20140407.txt
>
> OpenSSL Security Advisory [07 Apr 2014]
> ========================================
>
> TLS heartbeat read overrun (CVE-2014-0160)
> ==========================================
>
> A missing bounds check in the handling of the TLS heartbeat extension can be
> used to reveal up to 64k of memory to a connected client or server.
>
> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
> 1.0.1f and 1.0.2-beta1.
>
> Thanks for Neel Mehta of Google Security for discovering this bug and to
> Adam Langley <a...@chromium.org> and Bodo Moeller <bmoel...@acm.org> for
> preparing the fix.
>
> Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
> upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
>
> 1.0.2 will be fixed in 1.0.2-beta2.
>
>
> 2014-04-14 3:21 GMT-03:00 Gayathri Manoj <gayathri.an...@gmail.com>:
>
>> Hi All,
>>
>> Please let me know whether this vulnerability will affect the products which
>> are using an openssl version less than openssl 1.0.1
>>
>> Thanks,
>> Gayathri
>
> --
> Roberto Spadim
> SPAEmpresarial
> Eng. Automação e Controle

--
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle