[nSLUG] Nasty zero day vulnerability in openssl CVE-2014-0160

George N. White III gnwiii at gmail.com
Fri Apr 11 07:31:42 ADT 2014


The early reports indicated the bug only affected html servers using https,
but now we know that clients can leak memory, including wget, curl, links,
and git <
https://isc.sans.edu/forums/diary./The+Other+Side+of+Heartbleed+-+Client+Vulnerabilities/17945>.
The heartbleed.com site now says:
"You might have networked appliances with logins secured by this buggy
implementation of the TLS. Furthermore you might have client side software
on your computer that could expose the data from your computer if you
connect to compromised services."




On Tue, Apr 8, 2014 at 8:29 PM, D G Teed <donald.teed at gmail.com> wrote:

> In case anyone has not heard of it yet, there is a nasty
> vulnerability in openssl requiring immediate patching.
>
> http://heartbleed.com/
>
> Read the site for more information.
>
> As the bug has been out for two years, it is also
> suggested to regenerate SSL keys including the private key.
>
>
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>
>


-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20140411/e19020fe/attachment.html>


More information about the nSLUG mailing list