
SoylentNews is people

posted by janrinok on Thursday January 01 1970, @12:00AM
from the check-your-distro-now dept.

An advisory (link: https://www.openssl.org/news/secadv_20140407.txt ) has been released concerning an implementation bug in several versions of the widely used OpenSSL software.

"A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1."

The advisory states that 1.0.1 users can resolve the issue by upgrading to 1.0.1g or recompiling using the -DOPENSSL_NO_HEARTBEATS switch. Users of 1.0.2 will need to wait for the next beta release to get this closed.
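The bounds check the advisory refers to, as an added example that is not OpenSSL's code or part of the original article: a simplified handler for the RFC 6520 heartbeat message (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding). The function name, constants and sample records are hypothetical, and the padding is zero-filled here rather than random.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request, RFC 6520 */
#define HB_RESPONSE 2   /* heartbeat_response, RFC 6520 */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Build the reply to one received heartbeat record (hypothetical helper).
 * rec/rec_len are the bytes actually received. Returns the reply length,
 * or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short to hold even an empty-payload message, or not a request. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Peer-supplied 16-bit length: any value from 0 to 65535. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload plus padding must fit inside
     * the record that arrived. Without it, the memcpy below would read
     * past rec and echo up to 64k of adjacent memory to the peer. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;

    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zeros for the demo */
    return resp_len;
}

int main(void) {
    /* Constructed sample records: 5 payload bytes, 16 bytes of padding. */
    uint8_t honest[24]   = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t overlong[24] = {HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o'};
    static uint8_t out[HB_HEADER + 65535 + HB_MIN_PAD];
    printf("honest:   %zu\n", hb_build_response(honest, 24, out, sizeof out));
    printf("overlong: %zu\n", hb_build_response(overlong, 24, out, sizeof out));
    return 0;
}
```

The 64k ceiling in the advisory follows from the length field being 16 bits wide.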

This website (link: http://heartbleed.com/ ) has been created to spread accurate details of the bug, which was determined to be present in releases of OpenSSL dating back to December 2011. Many websites and services are affected; Mojang, for example, decided to completely shut down the account authentication servers for Minecraft while the patch is being put in place.
