OpenSSL has a serious bug, allowing attackers to read the memory of affected systems.
Affected systems are as follows:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
Debian has released a fix referenced as DSA-2896.
The Jabber server has been updated to Prosody 0.9.4 today.
So better start encrypting! 🙂
I’ve added some content about what this is, finished configuring services (mostly), added the certificates and such.
Welcome to Ctrl-Q!
Nice to see you found this site.
More about what this is, will be added soon.