lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3128119.aFPjlLjmmd@pandora>
Date: Tue, 08 Apr 2014 10:23:26 +0200
From: Joerg Mertin <smurphy@...sys.org>
To: fulldisclosure@...lists.org
Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

Ubuntu already has released:
http://www.ubuntu.com/usn/usn-2165-1/

My server updated during the night :}

On Monday 07 April 2014 23:09:58 David H wrote:
> RHEL update just released, hopefully CentOS soon:
> https://rhn.redhat.com/errata/RHSA-2014-0376.html
> 
> 
> On Mon, Apr 7, 2014 at 8:10 PM, Kirils Solovjovs <
> 
> kirils.solovjovs@...ils.com> wrote:
> > We are doomed.
> > 
> > Description: http://www.openssl.org/news/vulnerabilities.html
> > Article dedicated to the bug: http://heartbleed.com/
> > Tool to check if TLS heartbeat extension is supported:
> > http://possible.lv/tools/hb/
> > 
> > A missing bounds check in the handling of the TLS heartbeat extension
> > can be used to reveal up to 64kB of memory to a connected client or
> > server.
> > 
> > 1.0.1[ abcdef] affected.
> > 
> > 
> > P.S. Happy Monday!
> > 
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

-- 
A day without sunshine is like a day without Anita Bryant.
------------------------------------------------------------------------
Joerg Mertin in Clermont/France
Web: http://www.solsys.org
PGP: Public Key Server - Get "0x159DC660F946126F"


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ