Thanks, Roberto, for the detailed information.
On Mon, Apr 14, 2014 at 12:07 PM, Roberto Spadim <robe...@spadim.com.br> wrote:

> more news:
> https://www.openssl.org/news/
>
> 2014-04-14 3:35 GMT-03:00 Roberto Spadim <robe...@spadim.com.br>:
>
>> from what I know:
>> https://www.openssl.org/news/secadv_20140407.txt
>>
>> OpenSSL Security Advisory [07 Apr 2014]
>> ========================================
>>
>> TLS heartbeat read overrun (CVE-2014-0160)
>> ==========================================
>>
>> A missing bounds check in the handling of the TLS heartbeat extension can be
>> used to reveal up to 64k of memory to a connected client or server.
>>
>> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
>> 1.0.1f and 1.0.2-beta1.
>>
>> Thanks for Neel Mehta of Google Security for discovering this bug and to
>> Adam Langley <a...@chromium.org> and Bodo Moeller <bmoel...@acm.org> for
>> preparing the fix.
>>
>> Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
>> upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
>>
>> 1.0.2 will be fixed in 1.0.2-beta2.
>>
>> 2014-04-14 3:21 GMT-03:00 Gayathri Manoj <gayathri.an...@gmail.com>:
>>
>>> Hi All,
>>>
>>> Please let me know if this vulnerability will affect the products which
>>> are using openssl version less than openssl 1.0.1
>>>
>>> Thanks,
>>> Gayathri
>>
>> --
>> Roberto Spadim
>> SPAEmpresarial
>> Automation and Control Eng.
>
> --
> Roberto Spadim
> SPAEmpresarial
> Automation and Control Eng.
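
The kind of bounds check the quoted advisory says was missing, as an added example that is not part of this thread and is not OpenSSL's code. It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); `hb_build_response` and `hb_demo` are hypothetical names, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* RFC 6520 heartbeat_request */
#define HB_RESPONSE 2   /* RFC 6520 heartbeat_response */
#define HB_MIN_PAD  16  /* RFC 6520 minimum padding length */

/* Hypothetical helper (not an OpenSSL function): build the response for the
 * heartbeat message rec[0..rec_len). Returns bytes written, 0 if discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* type(1) + payload_length(2) + minimum padding must be present */
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is supplied by the peer and is untrusted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: the claimed payload must fit inside the bytes that
     * were actually received. Without it, the memcpy below would read past
     * the record, up to 64k as the advisory states. */
    size_t need = 1 + 2 + claimed + HB_MIN_PAD;
    if (need > rec_len || need > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* echo the payload */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* zeros for brevity; RFC 6520 asks for random padding */
    return need;
}

/* Constructed sample: 4 payload bytes "ping" are received, while the
 * length field is set to whatever the caller passes as `claimed`. */
size_t hb_demo(uint16_t claimed)
{
    uint8_t rec[3 + 4 + HB_MIN_PAD] = { HB_REQUEST, (uint8_t)(claimed >> 8),
                                        (uint8_t)(claimed & 0xff), 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest=%zu overclaim=%zu\n", hb_demo(4), hb_demo(0x4000));
    return 0;
}
```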