Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OpenSSL vunrability

exussumexussum Member
edited April 2012 in General

http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html

Just though you guys may want to know.

It shouldnt effect too many people here (only effects 64 bit systems) but worth a post anyway

Comments

  • yomeroyomero Member

    Thanks for the info.
    Anyway, seems like a comples thing to exploit... or not?
    Since the freaking ubuntu/debian mantainers take a loooong time to update packages (see the php hash vulns), I wonder how much time this thing will take.

    Where says it's only in x64? This particular example is for x64.

  • exussumexussum Member

    from what i can see its expecting a 32 bit input. when the input is larger it has problems not 100% but looking through it, that's how it reads to me

  • rds100rds100 Member

    Debian has released a security advisory and an update - http://www.debian.org/security/2012/dsa-2454

  • yomeroyomero Member

    Wow, that was... fast :|

  • rds100rds100 Member
    edited April 2012

    Ubuntu also has updated openssl packages. Nothing for CentOS yet, as far as i can see.

  • marrcomarrco Member
    edited April 2012 
    apt-get update && apt-get upgrade
[...]
The following packages will be upgraded:
  libssl0.9.8 openssl
[..]
Get:1 http://security.debian.org/ squeeze/updates/main libssl0.9.8 i386 0.9.8o-4squeeze11 [3073 kB]
Get:2 http://security.debian.org/ squeeze/updates/main openssl i386 0.9.8o-4squeeze11 [1052 kB]

    so debian is ok too

  • flyfly Member

    freebsd still herp derping

Sign In or Register to comment.