advance notice: OpenSSL CVE-2014-0160 ("heartbleed")

To: security-announce%NetBSD.org@localhost
Subject: advance notice: OpenSSL CVE-2014-0160 ("heartbleed")
From: "S.P.Zeidler" <spz%NetBSD.org@localhost>
Date: Tue, 8 Apr 2014 12:52:32 +0000

Dear all,

this is advance notice of an OpenSSL bug that impacts NetBSD-6
(and NetBSD-current) as well as pkgsrc.

openssl-1.0.1g has the fix. NetBSD-current is updated as of 2:20UTC,
the NetBSD-6* fix has just hit the repository, updated binaries are
being built.

NetBSD-5 is not affected, but openssl pkgsrc packages on -5 may be.

The vulnerability is in libssl. For example https servers are
targettable with this vulnerability.

See https://www.openssl.org/news/secadv_20140407.txt for the
OpenSSL advisory.

A formal advisory will follow.

best regards,
        spz

Prev by Date: NetBSD Security Advisory 2014-003: posix_spawn unbounded kernel memory allocation
Next by Date: NetBSD Security Advisory 2014-004: OpenSSL information disclosure ("heartbleed")
Previous by Thread: NetBSD Security Advisory 2014-003: posix_spawn unbounded kernel memory allocation
Next by Thread: NetBSD Security Advisory 2014-004: OpenSSL information disclosure ("heartbleed")
Indexes:

Home | Main Index | Thread Index | Old Index