Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

OpenSSL vunrability
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OpenSSL vunrability

exussumexussum Member
edited April 2012 in General

http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html

Just though you guys may want to know.

It shouldnt effect too many people here (only effects 64 bit systems) but worth a post anyway

Comments

  • yomeroyomero Member

    Thanks for the info.
    Anyway, seems like a comples thing to exploit... or not?
    Since the freaking ubuntu/debian mantainers take a loooong time to update packages (see the php hash vulns), I wonder how much time this thing will take.

    Where says it's only in x64? This particular example is for x64.

  • exussumexussum Member

    from what i can see its expecting a 32 bit input. when the input is larger it has problems not 100% but looking through it, that's how it reads to me

  • rds100rds100 Member

    Debian has released a security advisory and an update - http://www.debian.org/security/2012/dsa-2454

  • yomeroyomero Member

    Wow, that was... fast :|

  • rds100rds100 Member
    edited April 2012

    Ubuntu also has updated openssl packages. Nothing for CentOS yet, as far as i can see.

  • marrcomarrco Member
    edited April 2012 
    apt-get update && apt-get upgrade
[...]
The following packages will be upgraded:
  libssl0.9.8 openssl
[..]
Get:1 http://security.debian.org/ squeeze/updates/main libssl0.9.8 i386 0.9.8o-4squeeze11 [3073 kB]
Get:2 http://security.debian.org/ squeeze/updates/main openssl i386 0.9.8o-4squeeze11 [1052 kB]

    so debian is ok too

  • flyfly Member

    freebsd still herp derping

Sign In or Register to comment.