l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 24: LUGOD election season has begun!
Page last updated:
2003 Mar 21 16:43

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Updates for apps compiled against OpenSSL: mod_ssl, stunnel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Updates for apps compiled against OpenSSL: mod_ssl, stunnel



New versions of mod_ssl and stunnel have been released to deal with the
recently published OpenSSL timing attack. If you use either of these, you
may want to consult your vendor for updates.

(If you got the mod_ssl from March 18, a new one was released again on
March 20. Now up to 2.8.14-1.3.27)

-ME

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant



---------------------------- Original Message ----------------------------
Subject: Updates: OpenSSL, mod_ssl, stunnel
From:    "ME" <dugan@passwall.com>
Date:    Fri, March 21, 2003 2:13 pm
To:      unix@SONOMA.EDU
--------------------------------------------------------------------------
Hello,

A timing attack was found to permit exposure of a key used by openSSL to a
third party. Though the requirements for such an attack are not trivial,
it is considered a "know security risk".

New versions of mod_ssl, and stunnel have been released. The lates version
of OpenSSL (0.9.6i and 0.9.7a) are not exposed to this known risk.

Upgrades are suggested.

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$)
P+$>+++ L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+
PGP++ t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant





_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.