amuck-landowner

openssl

  1. HalfEatenPie

    OpenSSL Client Vulnerability

    tldr: experimental feature shipped with OpenSSH Client is enabled by default.  Vulnerability involved.  Fixing involves updating or   echo 'UseRoaming no' >> /etc/ssh/ssh_config This is unrelated to the OpenSSH Server. Original...
  2. C

    Upcoming OpenSSL Patch

    Apparently tomorrow the OpenSSL team is releasing a new update and are urging people to update as soon as it's made available. Apparently there's a serious bug fix involved. https://mta.openssl.org/pipermail/openssl-announce/2015-March/000020.html
  3. telephone

    OpenSSL to announce new "high" severity vulnerabilities on Thursday (2015-03-19)

    Link: [openssl-announce] Forthcoming OpenSSL releases --- Q. What is classified as a high severity issue?   A. "This includes issues affecting common configurations which are also likely to be exploitable. Examples include a server DoS, a significant leak of server memory, and remote code...
  4. R

    Open SSL Patches Nine Vulnerabilities

    And this is the link to the security advisory - http://www.openssl.org/news/secadv_20140806.txt
  5. clownjugglar

    OpenSSL crypto bypass flaw (TLS)

    Quote from ArsTechnica article: http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/ edit: Edit to note that Debian Wheezy, CentOS and Arch Linux have already been patched. For those interested, Debian Security mailing list post...
  6. drmike

    OpenSSL insecure and has been for two years.

    Should be new updates for OpenSSL pushed out today...  and other programs that depend on OpenSSL.. Source: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
  7. texteditor

    Might wanna recompile or patch that OpenSSL, buddy (4/7/2014)

    http://heartbleed.com/ http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities https://access.redhat.com/security/cve/CVE-2014-0160 https://www.openssl.org/news/secadv_20140407.txt OpenSSL's TLS ~1.0.1 through 1.0.2+ has a leak in the heatbeat extension that can cause private key...
Top
amuck-landowner