|
Posted by: thepinetree on 04/08/2014 04:02 PM
Updated by: thepinetree on 04/09/2014 09:22 PM
Expires: 01/01/2019 12:00 AM
:
Bug In OpenSSL Found and Patch Issued
Adamstown, MD....The OpenSSL Foundation announced yesterday that a vulnerability had been found and patched in the most widely used security library. The Heaetbeat vulnerability as it is known should be eliminated at servers are updated...
OpenSSL Security Advisory [07 Apr 2014]
========================================
TLS heartbeat read overrun (CVE-2014-0160)
==========================================
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for
preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
|
Comments - Make a comment |
The comments are owned by the poster. We are not responsible for its content. We value free speech but remember this is a public forum and we hope that people would use common sense and decency. If you see an offensive comment please email us at news@thepinetree.net
|
What's Related |
These might interest you as well
Local News
phpws Business Directory
Photo Albums
Web Pages
RSS News Feeds
|
|
|