heartbleed
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
http://helpdesk.wisc.edu/page.php?id=39080
How to check for vulnerable versions of OpenSSL
TLS heartbeat read overrun (CVE-2014-0160)
Versions 1.0.1 to 1.0.1f are potentially vulnerable. Version 1.0.1g is the fixed version. Other versions of OpenSSL (1.0.0 branch, 0.9.8 branch) are not vulnerable.
A basic version check: openssl version -a
A more specific check: openssl version -a | grep -oE '1\.0\.1[a-g]?|DOPENSSL_NO_HEARTBEATS'
This should return the version, assuming version 1.0.1x. If the OPENSSL_NO_HEARTBEATS flag shows up then it’s not vulnerable regardless of version.
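
The same check as a script, turning the rules above into one verdict per host (an added example, not part of the original page). It separates 1.0.1g from 1.0.1 through 1.0.1f, which the grep pattern reports alike. The function name, verdict strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output using the page's rules.
# Verdict names are this example's own. Reads the output on stdin.
classify_heartbleed() {
    out=$(cat)
    # Built without heartbeat support: not vulnerable regardless of version.
    if printf '%s\n' "$out" | grep -qF -e '-DOPENSSL_NO_HEARTBEATS'; then
        echo "heartbeats-disabled"; return 0
    fi
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013"; take the 2nd field
    # and drop any build suffix such as "-fips".
    ver=$(printf '%s\n' "$out" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')
    ver=${ver%%-*}
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo "potentially-vulnerable" ;;
        1.0.1g)              echo "fixed" ;;
        1.0.0*|0.9.8*)       echo "branch-not-vulnerable" ;;
        "")                  echo "unparsed" ;;
        *)                   echo "not-covered" ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_E='OpenSSL 1.0.1e-fips 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS'
SAMPLE_G='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -DOPENSSL_PIC'
SAMPLE_NOHB='OpenSSL 1.0.1c 10 May 2012
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS'
SAMPLE_OLD='OpenSSL 0.9.8y 5 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC'

for s in "$SAMPLE_E" "$SAMPLE_G" "$SAMPLE_NOHB" "$SAMPLE_OLD"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" \
        "$(printf '%s\n' "$s" | classify_heartbleed)"
done
# On a real host: openssl version -a | classify_heartbleed
```

A "not-covered" verdict means the version string is outside the ranges this page lists.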