[Freeswitch-users] major openssl vulnerability.
R P Herrold
herrold at owlriver.com
Tue Apr 8 02:20:59 MSD 2014
On Mon, 7 Apr 2014, Michael Jerris wrote:
> More information available at http://heartbleed.com/ . You should probably upgrade openssl to at least 1.0.1g and re-generate all keys and invalidate old keys.
* nod * looks material. I mentioned side channel leakage [of
which this is a variant], and the need to move to Perfect
Forward Security in my post last week
The speculation in the heartbleed site as to CentOS 6 series
PRIOR to the 6.5 updates, seems to be partiall ruled out by:
https://access.redhat.com/security/cve/CVE-2014-0160
but the 6.5 update srouces, sadly, adds it, and so we can look
for an openssl update there
-- Russ herrold
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list