openerp-community team mailing list archive
-
openerp-community team
-
Mailing list archive
-
Message #05448
Re: Security issue : OpenSSL Security Advisory [07 Apr 2014]
http://heartbleed.com for more info
2014-04-08 14:31 GMT+02:00 Peter Langenberg <peter.langenberg@xxxxxxxxxxxxx>
:
> FYI ->
>
> https://www.openssl.org/news/secadv_20140407.txt
>
> OpenSSL Security Advisory [07 Apr 2014]
> ========================================
>
> TLS heartbeat read overrun (CVE-2014-0160)
> ==========================================
>
> A missing bounds check in the handling of the TLS heartbeat extension can be
> used to reveal up to 64k of memory to a connected client or server.
>
> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
> 1.0.1f and 1.0.2-beta1.
>
> Thanks for Neel Mehta of Google Security for discovering this bug and to
> Adam Langley <agl@xxxxxxxxxxxx> and Bodo Moeller <bmoeller@xxxxxxx> for
> preparing the fix.
>
> Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
> upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
>
> 1.0.2 will be fixed in 1.0.2-beta2.
>
>
> Peter
>
>
References