OpenSSL Security Bug

Posted at April 8, 2014 at 7:20 pm by admin

OpenSSL exploit and vulnerability has recently been discovered.  It is highly recommended that servers running the vulnerable version of OpenSSL (1.0.1 and 1.0.2beta) are upgraded immediately.

OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <> and Bodo Moeller <> for
preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.

You can leave a response, or trackback from your own site.

Leave a Reply