CVE-2014-0160 OpenSSL Heartbleed

20140506.pet.screenshot

Información del proyecto OpenSSL

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Fuente: http://www.openssl.org/news/secadv_20140407.txt

Se ha corregido en ambas ramas

Puppy-es OS Passaggio

Dando click al icono de “update” en el escritorio si no tienes todavia el nuevo sistema POU.

Puppy-es OS Badass

Ya esta integrado en el sistema POU

Fuente

253 total views, 1 views today

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Time limit is exhausted. Please reload CAPTCHA.