[nSLUG] Nasty zero day vulnerability in openssl CVE-2014-0160

Ben Armstrong synrg at sanctuary.nslug.ns.ca
Tue Apr 8 20:59:28 ADT 2014


On 04/08/2014 08:37 PM, Mike Spencer wrote:
> So if you're not a bleeding edge updater, Don't Panic. :-) E.g. one
> report says Slackware 13.37 uses SSH 0.9.8, sans heartbeat. My even
> older distro also uses 0.9.8.

The downside of that is that 0.9.8 can only do TLS 1.0, which is much
weaker than TLS 1.2. You should look into upgrading to a version of your
distro that doesn't have such out of date software, as it is more likely
to be vulnerable to certain kinds of attack (just not this one).

Ben




More information about the nSLUG mailing list