Infrastructure | iii threetreeslight

April 9, 2014

OpenSSLのバグ対応

まずこちら。 OpenSSLの重大バグが発覚。インターネットの大部分に影響の可能性 早急に対応しましょう。 公式 OpenSSL Security Advisory [07 Apr 2014] TLS heartbeat read overrun (CVE-2014-0160) A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium. ... Read more