search for: heartbleeds

For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate

Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!). Thanks John

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Earlier in the day today, we were made aware of a serious issue in openssl as shipped in CentOS-6.5 ( including updates issued since CentOS-6.5 was released ); This issue is addressed in detail at http://heartbleed.com/ Upstream have not released a patched version of openssl, although we are reliably informed that there is quite a bit of effort

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Earlier in the day today, we were made aware of a serious issue in openssl as shipped in CentOS-6.5 ( including updates issued since CentOS-6.5 was released ); This issue is addressed in detail at http://heartbleed.com/ Upstream have not released a patched version of openssl, although we are reliably informed that there is quite a bit of effort

Subject: Heartbleed Toolkit | Secure, Detect, & Repair Date: Thu, 10 Apr 2014 18:12:16 -0400 From: Red Hat <email at engage.redhat.com> View in a Web Browser <http://app.engage.redhat.com/e/es.aspx?s=1795&e=352069&elq=852ad1748d834dbeac7f2adf6f4b1679> "Follow us on Twitter"

On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: > On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat if >> I >> look back). One day I realized how happy I am that I chose RedHat way >> back, - that was when all Debian (and its clones like Ubuntu,...) admins

I know I'm slightly OT here, asking about RHEL, but since Centos is now a part of RH, I'm hoping I won't be summarily ejected. I've seen several articles that listed Centos 6.x as vulnerable, but DID NOT LIST RHEL 6. I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x, since Centos is made from RHEL sources. Does anyone know for sure either way? thanks! --

Kostya, I took a quick stab at patching libFuzzer for Apple, but so far I'm thinking something else is incorrect. Patch is attached but when I went to reproduce the examples, the toy example went fine, but with PCRE and Heartbleed I noticed the coverage statistics were pretty poor, and didn't find anything. Admittedly I moved onto Heartbleed pretty quickly so PCRE probably isn't the

On Sun, January 11, 2015 8:29 pm, Eddie G. O'Connor Jr. wrote: > On 01/11/2015 09:24 PM, Valeri Galtsev wrote: >> On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >>> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>>> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat >>>> if >>>> I

On Mon, Feb 2, 2015 at 8:02 PM, Kahlil Hodgson <kahlil.hodgson at dealmax.com.au> wrote: > On 3 February 2015 at 13:34, PatrickD Garvey <patrickdgarveyt at gmail.com> wrote: >> Now how about some specific sources you personally used to learn your >> craft that we can use likewise? > > So many places it makes my brain hurt just thinking about it. Google > and

On 01/11/2015 09:38 PM, Valeri Galtsev wrote: > On Sun, January 11, 2015 8:29 pm, Eddie G. O'Connor Jr. wrote: >> On 01/11/2015 09:24 PM, Valeri Galtsev wrote: >>> On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >>>> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>>>> PS I guess I just mention it. I'm quite

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

On Sun, January 11, 2015 5:16 pm, Keith Keller wrote: > On 2015-01-11, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> Indeed. Or another system altogether (sihg). I'm just extending your >> thought half a step farther ;-) > > Or going even farther, if you like CentOS but not systemd, do the work > to get CentOS working without it. Unhappy Debian

Hello Everyone I'm looking into the best way to have locked version repos for my CentOS systems. The systems are all set up with Chef and have a couple different recopies/roles. I'd like to have locked version repos for each role with tested RPMs. Then perhaps quarterly apply any updates. It would be nice to have something showing which updates are available for these locked repos.

On 01/11/2015 09:24 PM, Valeri Galtsev wrote: > On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat if >>> I >>> look back). One day I realized how happy I am that I chose RedHat way >>> back, -

Hi all, The blog entry [1] suggest that one of the buildbots constantly fuzzes clang and clang-format. However, the actual bot [2] only tests the fuzzer itself over a well-known set of bugs in standard software (eg. Heartbleed [3] seems to be among them). Has there actually ever been a buildbot that fuzzes clang/LLVM itself? Another (obvious?) fuzzing candidate would be the LLVM's bitcode

After reading about the 2 major SSL (and TLS?) weaknesses discovered this year, I was wondering how it affects asterisk. Does the SIP authentication use TLS - or something that was recently broken? Is there a risk of exposing passwords? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL:

2017-02-01 17:45 GMT+01:00 Mehdi Amini <mehdi.amini at apple.com>: > >> On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <llvm-dev at lists.llvm.org> wrote: >> >> Hi all, >> >> The blog entry [1] suggest that one of the buildbots constantly fuzzes >> clang and clang-format. However, the actual bot [2] only tests the >> fuzzer itself

On 01/11/2015 08:50 PM, Eddie G. O'Connor Jr. wrote: > On 01/11/2015 09:38 PM, Valeri Galtsev wrote: >> On Sun, January 11, 2015 8:29 pm, Eddie G. O'Connor Jr. wrote: >>> On 01/11/2015 09:24 PM, Valeri Galtsev wrote: >>>> On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >>>>> On 2015-01-12, Valeri Galtsev <galtsev at