Re: heardbleed bug and openssl

X-Received	by 10.50.50.211 with SMTP id e19mr7883050igo.4.1397490535951; Mon, 14 Apr 2014 08:48:55 -0700 (PDT)
X-Received	by 10.140.50.83 with SMTP id r77mr71062qga.15.1397490535910; Mon, 14 Apr 2014 08:48:55 -0700 (PDT)
Path	csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!l13no6877706iga.0!news-out.google.com!du2ni6534qab.0!nntp.google.com!cm18no2907982qab.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
Newsgroups	comp.os.linux.security
Date	Mon, 14 Apr 2014 08:48:55 -0700 (PDT)
In-Reply-To	<003ee7a0-e43e-491c-935a-d8f67cbe8f15@googlegroups.com>
Complaints-To	groups-abuse@google.com
Injection-Info	glegroupsg2000goo.googlegroups.com; posting-host=74.13.217.90; posting-account=k4TCzwoAAAAuS8wchLIKO8kJM4zWD6ZP
NNTP-Posting-Host	74.13.217.90
References	<003ee7a0-e43e-491c-935a-d8f67cbe8f15@googlegroups.com>
User-Agent	G2/1.0
MIME-Version	1.0
Message-ID	<2bd15321-3344-4d97-ab58-784b410ea490@googlegroups.com> (permalink)
Subject	Re: heardbleed bug and openssl
From	Steve Wolf <stevwolf58@gmail.com>
Injection-Date	Mon, 14 Apr 2014 15:48:55 +0000
Content-Type	text/plain; charset=ISO-8859-1
Xref	csiph.com comp.os.linux.security:484

Show key headers only | View raw

Thanks for the answers,

According to the article that was pointed out by Keith K, Im NOT susceptible.
---------------------------------------------------------
What versions of the OpenSSL are affected?

 Status of different versions:

 OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
 OpenSSL 1.0.1g is NOT vulnerable
 OpenSSL 1.0.0 branch is NOT vulnerable
 OpenSSL 0.9.8 branch is NOT vulnerable
 Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
----------------------------------------------------------------

If I read my version correctly I have 0.7
This is not 1.0.1 through 1.0.1f
Thus mine is not affected ?? Yet Jim says it is.

Am I reading something incorrectly. I dont know much about all this version info.
thanks.

Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 07:48 -0700
  Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 07:55 -0700
  Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-14 15:05 +0000
    Re: heardbleed bug and openssl Aragorn <thorongil@telenet.be.invalid> - 2014-04-14 17:58 +0200
  Re: heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 08:48 -0700
    Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 10:29 -0700
      Re: heardbleed bug and openssl colinmarr0@gmail.com - 2014-04-14 10:48 -0700
        Re: heardbleed bug and openssl "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2014-04-14 14:08 -0400
        Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:47 +0000
        Re: heardbleed bug and openssl Joe Beanfish <joebeanfish@nospam.duh> - 2014-04-15 13:36 +0000
      Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:46 +0000
        Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 12:28 -0700
          Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 21:18 +0000
            Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 14:48 -0700
    Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-15 01:44 +0000
  Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 17:10 +0000
  Re: heardbleed bug and openssl "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2014-04-15 05:38 -0500

csiph-web