[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
David Goodwin
david at codepoets.co.uk
Tue Apr 8 18:33:36 UTC 2014
> It's a pretty serious bug, as it allows the attacker to reveal up to
> 64KiB of private memory, this could potentially include the SSL
> private keys!
> The bug does only affect OpenSSL version 1.0.1 (and 1.0.2) but it
> affects anything using OpenSSL, e.g. Apache HTTPD, OpenVPN, etc.
Yes. Unfortunately it's the case that if you hadn't upgraded to Debian
Wheezy (and were still on Squeeze) you would have been safe.
Annoyingly I upgraded my mail server less than a week ago :-(
Now to question which banks (if any) have been compromised/hit.
See also: https://lwn.net/Articles/593683/
David
--
David Goodwin
http://codepoets.co.uk