[170748] in North American Network Operators' Group
RE: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
daemon@ATHENA.MIT.EDU (David Hubbard)
Tue Apr 8 01:14:47 2014
Date: Tue, 8 Apr 2014 01:13:24 -0400
From: David Hubbard <dhubbard@dino.hostasaurus.com>
To: NANOG <nanog@nanog.org>
RHEL and CentOS both have patches out as of a couple hours
ago, so run those updates! CentOS' mirrors do not all have
it yet, so if you are updating, make sure you get the
1.0.1e-16.el6_5.7 version and not older.
David
-----Original Message-----
From: Paul Ferguson [mailto:fergdawgster@mykolab.com]
Sent: Tuesday, April 08, 2014 1:07 AM
To: NANOG
Subject: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
I'm really surprised no one has mentioned this here yet...
FYI,
- ferg
Begin forwarded message:
> From: Rich Kulawiec <rsk@gsp.org>
> Subject: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
> Date: April 7, 2014 at 9:27:40 PM EDT
>
> This reaches across many versions of Linux and BSD and, I'd presume,
> into some versions of operating systems based on them.
> OpenSSL is used in web servers, mail servers, VPNs, and many other
> places.
>
> Writeup: Heartbleed: Serious OpenSSL zero day vulnerability revealed
> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>
> Technical details: Heartbleed Bug http://heartbleed.com/
>
> OpenSSL versions affected (from link just above):
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable (released today, April 7, 2014)
> OpenSSL 1.0.0 branch is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2