The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,842 other followers

Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet

Posted by jpluimers on 2014/04/08

The fixed OpenSSL 1.01g is already available in source and for many platforms.

When do they become available anyone using OpenSSL 1.01 or 1.02 must deploy the patched version as fast as possible.

You also need to have all your certificates re-issued.

During the vulnerability period, your private keys may have been exposed, and there is no way to tell that they were not exposed.

Note the official binaries for Win32 1.01g are not available for yet (expect them soon), but the Indy team made Win32 and Win64 versions available.

Note that OpenSuSE did a backport of the patch to 1.01e for 12.3 and 13.1. Older openSuSE versions do not have updates for this issue, but you want to upgrade anything lower than 0.98 as they contain serious other vulnerabilities.

–jeroen

via

7 Responses to “Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet”

  1. […] mentioned by Jeroen, updated SSL builds for Indy are already available at fulgan.com (which is Indy’s binary […]

  2. Joseph said

    My desktop Linux distro pushed out a patch this morning. Linux package management is really a killer feature. If OpenSSL were a Windows component we might have to wait for a patch Tuesday. :-(

  3. Bruce McGee said

    Thanks for the heads up. Binaries are available now.

    http://opendec.wordpress.com/2014/04/08/openssl-1-0-0l-1-0-1g/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: