Server patched for 'Heartbleed' SSL vulnerability

Status
Not open for further replies.

Monsta_AU

...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
Joined
Feb 2, 2011
Location
Guildford.nsw.au
Not sure if you have heard, but there is a current vulnerability with OpenSSL that allows an attacker to gain the private keys of a server. That's a VeryBadThing®

There is a tester at http://filippo.io/Heartbleed/

I have now patched all servers in my control, and we are running the correct version of OpenSSL with the backported patch in place -

Code:
# rpm -q --changelog openssl | grep -B 1 CVE-2014-0160
* Mon Apr 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

I believe being open about the environment this site runs on is important to the trust that users have. This announcement is made in that spirit.
 
Status
Not open for further replies.
Top