[ale] OpenSSL Broken, Upgrade Now

Jim Kinney jim.kinney at gmail.com
Wed Apr 16 08:36:17 EDT 2014


If I run ssh -v user at host  I see:

OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
...

So is OpenSSH _using_ OpenSSL for encryption processes?


On Tue, Apr 15, 2014 at 1:07 PM, Jim Kinney <jim.kinney at gmail.com> wrote:

> Heartbleed bug also affects android phones with Jelly Bean version
>
>
> http://www.theguardian.com/technology/2014/apr/15/heartbleed-android-phones-vulnerable-data-shows
>
>
> On Mon, Apr 7, 2014 at 7:14 PM, David Tomaschik <david at systemoverlord.com>wrote:
>
>> TL;DR: Upgrade OpenSSL to >= 1.0.1g immediately, consider replacing keys.
>>  Not as bad as Debian OpenSSL bug, but worse than "goto fail;".
>>
>> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
>> cryptographic software library. This weakness allows stealing the
>> information protected, under normal conditions, by the SSL/TLS encryption
>> used to secure the Internet. SSL/TLS provides communication security and
>> privacy over the Internet for applications such as web, email, instant
>> messaging (IM) and some virtual private networks (VPNs).
>>
>> The Heartbleed bug allows anyone on the Internet to read the memory of
>> the systems protected by the vulnerable versions of the OpenSSL software.
>> This compromises the secret keys used to identify the service providers and
>> to encrypt the traffic, the names and passwords of the users and the actual
>> content. This allows attackers to eavesdrop communications, steal data
>> directly from the services and users and to impersonate services and users."
>>
>> http://heartbleed.com
>>
>> --
>> David Tomaschik
>> OpenPGP: 0x5DEA789B
>> http://systemoverlord.com
>> david at systemoverlord.com
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
>
> --
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you gain
> at one end you lose at the other. It's like feeding a dog on his own tail.
> It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
>
>
> *http://heretothereideas.blogspot.com/
> <http://heretothereideas.blogspot.com/>*
>



-- 
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140416/ddbd638b/attachment.html>


More information about the Ale mailing list