[Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)
Travis Cross
tc at travislists.com
Mon Apr 7 21:11:09 UTC 2014
Package: openssl
Version: 1.0.1f-1
Severity: grave
A serious flaw has been discovered in OpenSSL versions 1.0.1 through
1.0.1f. This bug can allow an attacker to read process memory on
vulnerable systems leading to exposure of the private key. Please
see:
http://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/
Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all
keys used with vulnerable processes will need to be replaced both in
Debian infrastructure and by all users of this package.
More information about the Pkg-openssl-devel
mailing list