Displaying 20 results from an estimated 60 matches for "heartbleed".
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".
-Connie Sieh
---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites are issued onl...
2014 Apr 08
3
Heartbleed openssl vulnerability?
Do we know if dovecot is vulnerable to the heartbleed SSL problem?
I'm running dovecot-2.0.9 and openssl-1.01, the latter being
intrinsically vulnerable. An on-line tool says that my machine is not
affected on port 993 but it would be nice to know for sure if we were
vulnerable for a while. (Naturally I've blocked it anyway!).
Thanks
John
2014 Apr 08
2
CVE-2014-0160 CentOS 6 openssl heartbleed workaround
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Earlier in the day today, we were made aware of a serious
issue in openssl as shipped in CentOS-6.5 ( including updates issued
since CentOS-6.5 was released ); This issue is addressed in detail at
http://heartbleed.com/
Upstream have not released a patched version of openssl, although we
are reliably informed that there is quite a bit of effort ongoing
to release a patched package soon.
As an interim workaround, we are releasing packages that disable the
exploitable code using the published workaround( tls...
2014 Apr 11
0
Fwd, from upstream: Heartbleed Toolkit | Secure, Detect, & Repair
Subject: Heartbleed Toolkit | Secure, Detect, & Repair
Date: Thu, 10 Apr 2014 18:12:16 -0400
From: Red Hat <email at engage.redhat.com>
2015 Jan 12
2
Design changes are done in Fedora
...>> could have been stolen from it... I realized then that that level big
>> flop
>> never happened to RedHat. I couldn't even point to something that would
>> constitute big flop RedHat of then. One only criticizes something while
>> one cares about it ;-)
>
> Heartbleed was pretty scary, no? I'd consider that at least as bad as
> the predictable number generator issue.
>
Well, heartbleed and shellshock were pretty much global: all systems (not
only Linuxes, not to say particular Linux distributions - my FreeBSD boxes
were affected too) using openssl or...
2014 Apr 14
2
HeartBleed in RHEL
I know I'm slightly OT here, asking about RHEL, but since Centos is now a
part of RH, I'm hoping I won't be summarily ejected.
I've seen several articles that listed Centos 6.x as vulnerable, but
DID NOT LIST RHEL 6.
I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x,
since Centos is made from RHEL sources.
Does anyone know for sure either way?
thanks!
--
2015 Jul 10
2
[LLVMdev] DataFlowSanitizer only for Linux
Kostya,
I took a quick stab at patching libFuzzer for Apple, but so far I'm
thinking something else is incorrect. Patch is attached but when I went to
reproduce the examples, the toy example went fine, but with PCRE and
Heartbleed I noticed the coverage statistics were pretty poor, and didn't
find anything. Admittedly I moved onto Heartbleed pretty quickly so PCRE
probably isn't the best judge. But here's a sample log from the Heartbleed
session (they were all similar):
$ cat fuzz-11.log
Seed: 3157140177
Set...
2015 Jan 12
4
Design changes are done in Fedora
...evel big
>>>> flop
>>>> never happened to RedHat. I couldn't even point to something that
>>>> would
>>>> constitute big flop RedHat of then. One only criticizes something
>>>> while
>>>> one cares about it ;-)
>>> Heartbleed was pretty scary, no? I'd consider that at least as bad as
>>> the predictable number generator issue.
>>>
>> Well, heartbleed and shellshock were pretty much global: all systems
>> (not
>> only Linuxes, not to say particular Linux distributions - my FreeBSD...
2015 Feb 03
3
Another Fedora decision
...ep you busy for a long while.
>
> Off the top of my head:
>
Thank you.
The CentOS wiki pages found by a title page search are:
http://wiki.centos.org/HelpOnConfiguration/SecurityPolicy
http://wiki.centos.org/HowTos/Security
http://wiki.centos.org/Security
http://wiki.centos.org/Security/Heartbleed
http://wiki.centos.org/Security/POODLE
http://wiki.centos.org/Security/Shellshock
with translations for the zh and zh-tw languages.
2015 Jan 12
1
Design changes are done in Fedora
...> flop
>>>>> never happened to RedHat. I couldn't even point to something that
>>>>> would
>>>>> constitute big flop RedHat of then. One only criticizes something
>>>>> while
>>>>> one cares about it ;-)
>>>> Heartbleed was pretty scary, no? I'd consider that at least as bad as
>>>> the predictable number generator issue.
>>>>
>>> Well, heartbleed and shellshock were pretty much global: all systems
>>> (not
>>> only Linuxes, not to say particular Linux distri...
2014 Apr 18
4
Changing SSL certificates - switching from self-signed to RapidSSL
Hi all,
Ok, been wanting to do this for a while, and after the Heartbleed
fiasco, the boss finally agreed to let me buy some real certs...
Until now, we've been using self-signed certs with the following dovecot
config:
ssl = required
ssl_cert = </etc/ssl/ourCerts/imap.pem
ssl_key = </etc/ssl/ourCerts/imap_key.pem
Now, I've created new keys/certs and t...
2014 Apr 08
0
CentOS-announce Digest, Vol 110, Issue 5
Today's Topics:
1. CVE-2014-0160 CentOS 6 openssl heartbleed workaround
(Karanbir Singh)
2. CESA-2014:0376 Important CentOS 6 openssl Update (Karanbir Singh)
----------------------------------------------------------------------
Message: 1
Date: Tue, 08 Apr 2014 03:11:01 +0100
From: Karanbir Singh <kbsingh at centos.org>
Subject: [CentOS-an...
2015 Jan 12
2
Design changes are done in Fedora
On Sun, January 11, 2015 5:16 pm, Keith Keller wrote:
> On 2015-01-11, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>>
>> Indeed. Or another system altogether (sigh). I'm just extending your
>> thought half a step farther ;-)
>
> Or going even farther, if you like CentOS but not systemd, do the work
> to get CentOS working without it. Unhappy Debian
2015 Apr 10
4
Locked version repos
...s. I'd like to have locked version repos for each
role with tested RPMs. Then perhaps quarterly apply any updates. It
would be nice to have something showing which updates are available for
these locked repos. I'd also want to be able to just push single update
RPMs into the repo (think heartbleed)
I've had a look at spacewalk and katello, but they seem a bit
complicated. Katello seems closer to what I'm looking for with its
versioned "Content Views", but I don't see how I could selectively
include some new packages in it. It seems like it only handles making
new s...
2015 Jan 12
0
Design changes are done in Fedora
...ave been stolen from it... I realized then that that level big
>>> flop
>>> never happened to RedHat. I couldn't even point to something that would
>>> constitute big flop RedHat of then. One only criticizes something while
>>> one cares about it ;-)
>> Heartbleed was pretty scary, no? I'd consider that at least as bad as
>> the predictable number generator issue.
>>
> Well, heartbleed and shellshock were pretty much global: all systems (not
> only Linuxes, not to say particular Linux distributions - my FreeBSD boxes
> were affected...
2017 Feb 01
3
Fuzzing bitcode reader
Hi all,
The blog entry [1] suggests that one of the buildbots constantly fuzzes
clang and clang-format. However, the actual bot [2] only tests the
fuzzer itself over a well-known set of bugs in standard software (eg.
Heartbleed [3] seems to be among them). Has there actually ever been a
buildbot that fuzzes clang/LLVM itself?
Another (obvious?) fuzzing candidate would be the LLVM's bitcode
reader. I ran afl-fuzz on it and it found lots of failed assertions
within seconds. Isn't fuzzing done on a regular basis as...
2014 Jun 10
2
SSL/TLS weakness impact on Asterisk authentication
After reading about the 2 major SSL (and TLS?) weaknesses discovered this year, I was wondering how it affects asterisk.
Does the SIP authentication use TLS - or something that was recently broken? Is there a risk of exposing passwords?
Thanks!
2017 Feb 01
2
Fuzzing bitcode reader
....llvm.org> wrote:
>>
>> Hi all,
>>
>> The blog entry [1] suggests that one of the buildbots constantly fuzzes
>> clang and clang-format. However, the actual bot [2] only tests the
>> fuzzer itself over a well-known set of bugs in standard software (eg.
>> Heartbleed [3] seems to be among them).
>
> Isn’t it this stage? http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/2755/steps/stage2%2Fasan%2Bassertions%20check-fuzzer/logs/stdio
To me it looks like just the compilation and the unit+regression tests
("ninja check-fuzzer",...
2015 Jan 12
0
Design changes are done in Fedora
...>> never happened to RedHat. I couldn't even point to something that
>>>>>> would
>>>>>> constitute big flop RedHat of then. One only criticizes something
>>>>>> while
>>>>>> one cares about it ;-)
>>>>> Heartbleed was pretty scary, no? I'd consider that at least as bad as
>>>>> the predictable number generator issue.
>>>>>
>>>> Well, heartbleed and shellshock were pretty much global: all systems
>>>> (not
>>>> only Linuxes, not to say par...