[nSLUG] Re: Nasty zero day vulnerability in openssl CVE-2014-0160
mspencer at tallships.ca
Tue Apr 8 20:37:25 ADT 2014
> In case anyone has not heard of it yet, there is a nasty
> vulnerability in openssl requiring immediate patching.
But *do* read the details. Older Linux distros are likely to have a
version that doesn't support the heartbeat extension and thus doesn't
have the bug.
So if you're not a bleeding edge updater, Don't Panic. :-) E.g. one
report says Slackware 13.37 uses SSH 0.9.8, sans heartbeat. My even
older distro also uses 0.9.8.
Michael Spencer Nova Scotia, Canada .~.
mspencer at tallships.ca /( )\
More information about the nSLUG