OpenSSL release update that fixes High-severity bug

For discussions about security.
Post Reply
Message
Author
tomhewit

OpenSSL release update that fixes High-severity bug

#1 Post by tomhewit »

http://arstechnica.com/security/2016/01 ... s-traffic/

High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic

Thursday's release also contained additional hardening against Logjam

People using OpenSSL version 1.0.2 should upgrade to 1.0.2f, while those still using version 1.0.1 should install 1.0.1r. Thursday's OpenSSL advisory also reminded users that support for version 1.0.1 will end at the end of this year, after which no security fixes will be available. Support for versions 0.9.8 and 1.0.0 ended in December.

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#2 Post by Semme »

Yeah, if you're running a "server" you'd wanna address this.

Here's your client-side >> https://www.ssllabs.com/ssltest/viewMyClient.html

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#3 Post by 8Geee »

The ars-technica article states that only openSSL1.0.2 is affected. A reminder that openSSL 1.0.1 is unsupprted as of 12/31/2016, and that openSSL 1.0.0, and 0.9.8 are no longer supported as of 1/1/2016.

not yet in slacko5.7's (slackware14.0) updates... should be there soon.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#4 Post by 8Geee »

The 1.0.1r update became available today when checking Menu --> Setup --> Updates from Slackware in Slacko5.7.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Post Reply