http://heartbleed.com for more info
2014-04-08 14:31 GMT+02:00 Peter Langenberg <[email protected]> : > FYI -> > > https://www.openssl.org/news/secadv_20140407.txt > > OpenSSL Security Advisory [07 Apr 2014] > ======================================== > > TLS heartbeat read overrun (CVE-2014-0160) > ========================================== > > A missing bounds check in the handling of the TLS heartbeat extension can be > used to reveal up to 64k of memory to a connected client or server. > > Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including > 1.0.1f and 1.0.2-beta1. > > Thanks for Neel Mehta of Google Security for discovering this bug and to > Adam Langley <[email protected]> and Bodo Moeller <[email protected]> for > preparing the fix. > > Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately > upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. > > 1.0.2 will be fixed in 1.0.2-beta2. > > > Peter > >
_______________________________________________ Mailing list: https://launchpad.net/~openerp-community Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-community More help : https://help.launchpad.net/ListHelp
