=] you are wellcome
2014-04-14 3:48 GMT-03:00 Gayathri Manoj <gayathri.an...@gmail.com>: > Thanks Roberto for the details information. > > > On Mon, Apr 14, 2014 at 12:07 PM, Roberto Spadim <robe...@spadim.com.br>wrote: > >> more news: >> https://www.openssl.org/news/ >> >> >> 2014-04-14 3:35 GMT-03:00 Roberto Spadim <robe...@spadim.com.br>: >> >> from what i know: >>> https://www.openssl.org/news/secadv_20140407.txt >>> >>> OpenSSL Security Advisory [07 Apr 2014] >>> ======================================== >>> >>> TLS heartbeat read overrun (CVE-2014-0160) >>> ========================================== >>> >>> A missing bounds check in the handling of the TLS heartbeat extension can be >>> used to reveal up to 64k of memory to a connected client or server. >>> >>> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including >>> 1.0.1f and 1.0.2-beta1. >>> >>> Thanks for Neel Mehta of Google Security for discovering this bug and to >>> Adam Langley <a...@chromium.org> and Bodo Moeller <bmoel...@acm.org> for >>> preparing the fix. >>> >>> Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately >>> upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. >>> >>> 1.0.2 will be fixed in 1.0.2-beta2. >>> >>> >>> >>> 2014-04-14 3:21 GMT-03:00 Gayathri Manoj <gayathri.an...@gmail.com>: >>> >>> Hi All, >>>> >>>> Please let me know is this vulnerability will effect the products which >>>> are using openssl version less than openssl 1.0.1 >>>> >>>> Thanks, >>>> Gayathri >>>> >>> >>> >>> >>> -- >>> Roberto Spadim >>> SPAEmpresarial >>> Eng. Automação e Controle >>> >> >> >> >> -- >> Roberto Spadim >> SPAEmpresarial >> Eng. Automação e Controle >> > > -- Roberto Spadim SPAEmpresarial Eng. Automação e Controle
