-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Francis Kayiwa wrote:
> If you patched already that's cool, if not you should be asking
> yourself why you aren't using SSL? -oh wait. As you were. ;-)
GnuTLS is another suite for doing https and so on, but AFAIK didn't
suffer from this bug because
nnett<mailto:bennet...@appstate.edu>
Sent: 4/8/2014 3:01 PM
To: CODE4LIB@LISTSERV.ND.EDU<mailto:CODE4LIB@LISTSERV.ND.EDU>
Subject: Re: [CODE4LIB] Serious vulnerability in OpenSSL
There is this one for CentOS 6
http://people.centos.org/z00dax/disable_heartbeat/x86_64/Pa
There is this one for CentOS 6
http://people.centos.org/z00dax/disable_heartbeat/x86_64/Packages/
They are "disabled_heartbeat" versions, download your version and use
rpm -ivh --force your_version_here
to overwrite your current openssl executable.
The following were sent out from our campus
There are other options for testing you can run locally, e.g.
http://pastebin.com/WmxzjkXJ
I'm pretty sure it doesn't send anything it finds anywhere else, but more
folks on this list (a) understand python to verify that for themselves and
(b) can run it right now than with Go =)
AC
On Tue, A
There’s a nice “fork me on github” banner on the test site, so someone
motivated could at least check the (purported) code and set up their
own checker. So at least they have an implicit “you don’t need to trust
us” sign.
-Tod
On Apr 8, 2014, at 10:00 AM, Francis Kayiwa wrote:
> -BEGIN P
Thanks a lot, Becky, for those links. The beauty of Linux these days (at
least Ubuntu) is that operations like this can be as easy as pie. Some
things, of course, are still darn difficult, but many others are not.
Roy
On Tue, Apr 8, 2014 at 7:12 AM, Becky Yoose wrote:
> Thanks for forwarding th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/8/2014 10:27 AM, Chad Nelson wrote:
> Francis,
>
> Are you asking us to register our servers into a great big list of
> vulnerable machines?
Assumption here was.
Machine == vulnerable
Patch on confirmation but your point is well received.
./
Francis,
Are you asking us to register our servers into a great big list of
vulnerable machines?
Chad
On Tue, Apr 8, 2014 at 10:11 AM, Francis Kayiwa wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 4/8/2014 10:06 AM, Cary Gordon wrote:
> > Please read this page and its support
Thanks for forwarding this along, Cary. I've been patching this morning,
and am now in the process of determine needs for new certs. (sigh...)
If you need some guidance in patching your server, here are a couple of
links to start y'all out:
Ubuntu-related patch info - https://gist.github.com/code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/8/2014 10:06 AM, Cary Gordon wrote:
> Please read this page and its supporting documents about the
> Heartbleed Bug.
>
> http://heartbleed.com/
>
> If you use OpenSSL, and most service providers do, you should patch
> your servers ASAP. OpenSSL
Please read this page and its supporting documents about the Heartbleed Bug.
http://heartbleed.com/
If you use OpenSSL, and most service providers do, you should patch your
servers ASAP. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are
vulnerable. Only version 1.0.1g or newer should be us
11 matches
Mail list logo