Grave security-bug in SSL/TLS implementation of OpenSSL

Everything you need to know

Grave security-bug in SSL/TLS implementation of OpenSSL

Postby Rancor » Tue Apr 08, 2014 8:49 am

Hi,

this is nothing ownCloud related but in my opinion that grave to post it as an announcement in here.

At the moment there is a grave security bug in the SSL/TLS implementation of OpenSSL which is used in your webservers SSL implementation or in SSH.

An attacker is able to read stuff like passwords or private keys from the memory of vulnerable clients or server without authentication. Everything currently in your memory could be affected.

So update your client or server ASAP (better yesterday than tomorrow) and change sensitive data like passwords or private keys.

More infos are available here:

http://heartbleed.com/
*mostly inactive*
Rancor
OwnCloud master
 
Posts: 7512
Joined: Sat May 26, 2012 2:00 pm
ownCloud version: 6.0.4
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.5.x

Re: Grave security-bug in SSL/TLS implementation of OpenSSL

Postby Rancor » Tue Apr 08, 2014 10:40 am

Just to make clear:

Everyone could be affected by this bug even if you don't run a server. All your requests to a vulnerable server can be read from the servers memory by an attacker. This could also contain passwords etc.
*mostly inactive*
Rancor
OwnCloud master
 
Posts: 7512
Joined: Sat May 26, 2012 2:00 pm
ownCloud version: 6.0.4
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.5.x


Return to Announcements

Who is online

Users browsing this forum: No registered users and 5 guests