New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
OpenSSL Vulnerability - To Be Patched on Thursday (July 9th, 2015)
A new vulnerability is being patched on Thursday July 9th, 2015. The only sources who know the current vulnerability are Google and Amazon. Affected versions are 1.01+. This is a high severity vulnerability.
https://grahamcluley.com/2015/07/mystery-high-severity-bug-openssl/
Comments
Seriously.. Another one... Sigh..
Secure your website, drop the S from https today!
And if you're using debian, set up Debian unattended-upgrades
but.. how does the vulnerability work ,_,
Hopefully they don't release that until the patch is out, or else it'd be a big shitstorm.
Tired of upgrading server due to this issue even if it's not running anything.
those things should be taken seriously like locking your home front door.
It's like keeping virus in empty house. Never will know when it can go crazy.
Yes I just auto upgrade now with unattended-upgrades. If something breaks (which has never happened) I will just restore a backup.
how about poweroff then.
No, I can't power off unused server maybe will use one day. Haha
Is this unrelated to the hacking team stuff?
popcorn.gif if it is
Haven't found anything that will connect it.
https://www.openssl.org/news/secadv_20150709.txt
Thx I was looking for this. So only client related..
Doesn't look to be affecting any 'stable'/lts releases of major distributions.
Bug was introduced too recently to have been merged into any non-beta distro channels. i.e any openssl merges during june.
This does not appear to affect Redhat, CentOS, or Ubuntu distributions.
https://ma.ttias.be/openssl-cve-2015-1793-man-middle-attack/
I was primed and ready to patch the **** out of everything too haha.
They made it sound much bigger.