[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Apr 2014 09:51:28 +0000
- Content-disposition: inline
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=qhra2S5OnUfd/0GaNA3IzkKc2zP+OEGopnuRX392sjo=; b=EegjlmuK6nQWD+CJfSd06tV06APOd21irL2dnuyH36m1IzIHvc8fS8kwuX8qWa5wklkmJTr+da7j1rrYYrqHtLYGdiSZirXshQYgTcYz5KCkqOymDFcy1TJ8nZ8/HcqytawDJFD8R+pYVSzYqiOsSqCpTw7SFUBlOAZvYOYn9pI=;
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1396950688; bh=+PU7p7Wg32L0mJhxQ2JKVOxUP9pDkBwFgzo9PPUjUwY=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=dLT7k2yYQog9+ETINyItA14o913t7YjYMhwx61mtQKqyq0WnKumAnNJqqqxoN9jJV G+iNKPuTnjkrIm0CeX6meK4391/cDQkSF7hA7gdeTmd2sO9hQexIVb3w9W4S3AmEig 4+y0696Mgx9/d9W7cqKlntmefP3P/OjzhLg18j14=
On Tue, Apr 08, 2014 at 09:27:38AM +0000, Rob Beard wrote:
> I've spent the morning updating our Debian servers at work, but there's
> something I wasn't entirely clear about. According to the Ars article the
> Private Keys can be recovered, am I right in thinking this would affect SSL
> keys, TLS keys on e-mail servers and keys used on OpenVPN?
That's what I understand, yes. Anything that uses OpenSSL version 1.0.1
(up to 1.0.1f)) is vulnerable.
Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq