[nSLUG] Re: Nasty zero day vulnerability in openssl CVE-2014-0160

Mike Spencer mspencer at tallships.ca
Tue Apr 8 20:37:25 ADT 2014


> In case anyone has not heard of it yet, there is a nasty
> vulnerability in openssl requiring immediate patching.
>
> http://heartbleed.com/

But *do* read the details.  Older Linux distros are likely to have a
version that doesn't support the heartbeat extension and thus doesn't
have the bug.

So if you're not a bleeding edge updater, Don't Panic. :-) E.g. one
report says Slackware 13.37 uses SSH 0.9.8, sans heartbeat. My even
older distro also uses 0.9.8.

FWIW,
- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^






More information about the nSLUG mailing list