Grave security-bug in SSL/TLS implementation of OpenSSL

Everything you need to know
Forum rules
Do not hijack announcements while appending your questions to them.
Select suitable forum for questions related to server, desktop clients and mobile apps.

Grave security-bug in SSL/TLS implementation of OpenSSL

Postby Rancor » Tue Apr 08, 2014 9:49 am

Hi,

this is nothing ownCloud related but in my opinion that grave to post it as an announcement in here.

At the moment there is a grave security bug in the SSL/TLS implementation of OpenSSL which is used in your webservers SSL implementation or in SSH.

An attacker is able to read stuff like passwords or private keys from the memory of vulnerable clients or server without authentication. Everything currently in your memory could be affected.

So update your client or server ASAP (better yesterday than tomorrow) and change sensitive data like passwords or private keys.

More infos are available here:

http://heartbleed.com/
*inactive*
Rancor
OwnCloud master
 
Posts: 8449
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 7.0.1
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.5.x

Re: Grave security-bug in SSL/TLS implementation of OpenSSL

Postby Rancor » Tue Apr 08, 2014 11:40 am

Just to make clear:

Everyone could be affected by this bug even if you don't run a server. All your requests to a vulnerable server can be read from the servers memory by an attacker. This could also contain passwords etc.
*inactive*
Rancor
OwnCloud master
 
Posts: 8449
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 7.0.1
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.5.x


Return to Announcements

Who is online

Users browsing this forum: Google Feedfetcher and 4 guests