Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #485

Re: heardbleed bug and openssl

From Aragorn <thorongil@telenet.be.invalid>
Newsgroups comp.os.linux.security
Subject Re: heardbleed bug and openssl
Followup-To comp.os.linux.security
Date 2014-04-14 17:58 +0200
Organization A noiseless patient Strider
Message-ID <lih0j0$76v$1@dont-email.me> (permalink)
References <003ee7a0-e43e-491c-935a-d8f67cbe8f15@googlegroups.com> <ligtg3$ca8$1@dont-email.me>

Followups directed to: comp.os.linux.security

Show all headers | View raw


On Monday 14 April 2014 17:05, Jim Beard conveyed the following to 
comp.os.linux.security...

> On Mon, 14 Apr 2014 07:48:01 -0700, Steve Wolf wrote:
> 
>> Can anyone tell me if the following is suceptable to the heart bleed
>> bug.
>> 
>> openssl-0.9.7a-43.18.el4
>> 
>> I dont know much about these things but they say its with version
>> OpenSSL version 1.0.1.
>> 
>> Can anyone tell me if this version of software is succepable to it.
> 
> IIRC, the g version is not susceptible (and versions before
> introduction of the vulnerability likewse), but the above is the e
> version and vulnerable.

Not quite.  Look at the version number, Jim. 

He's got 0.9.7.  The vulnerability was only introduced in 1.0.1.  1.0.0 
and 0.x.x versions are unaffected.

-- 
= Aragorn =

         http://www.linuxcounter.net - registrant #223157

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 07:48 -0700
  Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 07:55 -0700
  Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-14 15:05 +0000
    Re: heardbleed bug and openssl Aragorn <thorongil@telenet.be.invalid> - 2014-04-14 17:58 +0200
  Re: heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 08:48 -0700
    Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 10:29 -0700
      Re: heardbleed bug and openssl colinmarr0@gmail.com - 2014-04-14 10:48 -0700
        Re: heardbleed bug and openssl "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2014-04-14 14:08 -0400
        Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:47 +0000
        Re: heardbleed bug and openssl Joe Beanfish <joebeanfish@nospam.duh> - 2014-04-15 13:36 +0000
      Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:46 +0000
        Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 12:28 -0700
          Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 21:18 +0000
            Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 14:48 -0700
    Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-15 01:44 +0000
  Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 17:10 +0000
  Re: heardbleed bug and openssl "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2014-04-15 05:38 -0500

csiph-web