Security-Announce archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

advance notice: OpenSSL CVE-2014-0160 ("heartbleed")

Dear all,

this is advance notice of an OpenSSL bug that impacts NetBSD-6
(and NetBSD-current) as well as pkgsrc.

openssl-1.0.1g has the fix. NetBSD-current is updated as of 2:20UTC,
the NetBSD-6* fix has just hit the repository, updated binaries are
being built.

NetBSD-5 is not affected, but openssl pkgsrc packages on -5 may be.

The vulnerability is in libssl. For example https servers are
targettable with this vulnerability.

See for the
OpenSSL advisory.

A formal advisory will follow.

best regards,

Home | Main Index | Thread Index | Old Index