heartbleed
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
http://helpdesk.wisc.edu/page.php?id=39080
How to check for vulnerable versions of OpenSSL
TLS heartbeat read overrun (CVE-2014-0160)
Versions 1.0.1 to 1.0.1f are potentially vulnerable. Version 1.0.1g if the fixed version. Other versions of OpenSSL (1.0.0 branch, 0.9.8 branch) are not vulnerable.
A basic version check: openssl version -a
A more specific check: openssl version -a| grep -oE '1.0.1[a-g]{1}?|DOPENSSL_NO_HEARTBEATS'
This should return the version, assuming version 1.0.1x. If the OPENSSL_NO_HEARTBEATS flag shows up then it’s not vulnerable regardless of version.
Slackware64 14.0
Advisory http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622
- installpkg openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz
- installpkg openssl-1.0.1g-x86_64-1_slack14.0.txz
- openssl version -a
OpenSSL 1.0.1g 7 Apr 2014 built on: Tue Apr 8 08:41:12 CDT 2014 platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/etc/ssl"