openssl

tldr: experimental feature shipped with OpenSSH Client is enabled by default.  Vulnerability involved.  Fixing involves updating or   echo 'UseRoaming no' >> /etc/ssh/ssh_config This is unrelated to the OpenSSH Server. Original...

Apparently tomorrow the OpenSSL team is releasing a new update and are urging people to update as soon as it's made available. Apparently there's a serious bug fix involved. https://mta.openssl.org/pipermail/openssl-announce/2015-March/000020.html

Link: [openssl-announce] Forthcoming OpenSSL releases --- Q. What is classified as a high severity issue?   A. "This includes issues affecting common configurations which are also likely to be exploitable. Examples include a server DoS, a significant leak of server memory, and remote code...

And this is the link to the security advisory - http://www.openssl.org/news/secadv_20140806.txt

Quote from ArsTechnica article: http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/ edit: Edit to note that Debian Wheezy, CentOS and Arch Linux have already been patched. For those interested, Debian Security mailing list post...

Should be new updates for OpenSSL pushed out today...  and other programs that depend on OpenSSL.. Source: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

http://heartbleed.com/ http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities https://access.redhat.com/security/cve/CVE-2014-0160 https://www.openssl.org/news/secadv_20140407.txt OpenSSL's TLS ~1.0.1 through 1.0.2+ has a leak in the heatbeat extension that can cause private key...