[Freeswitch-users] major openssl vulnerability.

R P Herrold herrold at owlriver.com
Tue Apr 8 02:20:59 MSD 2014

On Mon, 7 Apr 2014, Michael Jerris wrote:

> More information available at  http://heartbleed.com/ .  You should probably upgrade openssl to at least 1.0.1g and re-generate all keys and invalidate old keys.

* nod * looks material.  I mentioned side channel leakage [of 
which this is a variant], and the need to move to Perfect 
Forward Security in my post last week

The speculation in the heartbleed site as to CentOS 6 series 
PRIOR to the 6.5 updates, seems to be partiall ruled out by:

but the 6.5 update srouces, sadly, adds it, and so we can look 
for an openssl update there

-- Russ herrold

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list