[NBLUG/talk] Updates for apps compiled against OpenSSL: mod_ssl, stunnel
ME
dugan at passwall.com
Fri Mar 21 14:23:00 PST 2003
New versions of mod_ssl and stunnel have been released to deal with the
recently published OpenSSL timing attack. If you use either of these, you
may want to consult your vendor for updates.
(If you got the mod_ssl from March 18, a new one was released again on
March 20. Now up to 2.8.14-1.3.27)
-ME
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
Campus IT(/OS Security): Operating Systems Support Specialist Assistant
---------------------------- Original Message ----------------------------
Subject: Updates: OpenSSL, mod_ssl, stunnel
From: "ME" <dugan at passwall.com>
Date: Fri, March 21, 2003 2:13 pm
To: unix at SONOMA.EDU
--------------------------------------------------------------------------
Hello,
A timing attack was found to permit exposure of a key used by openSSL to a
third party. Though the requirements for such an attack are not trivial,
it is considered a "know security risk".
New versions of mod_ssl, and stunnel have been released. The lates version
of OpenSSL (0.9.6i and 0.9.7a) are not exposed to this known risk.
Upgrades are suggested.
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$)
P+$>+++ L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+
PGP++ t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
Campus IT(/OS Security): Operating Systems Support Specialist Assistant
More information about the talk
mailing list