Grave security-bug in SSL/TLS implementation of OpenSSL

Everything you need to know
Forum rules
Do not hijack announcements while appending your questions to them.
Select suitable forum for questions related to server, desktop clients and mobile apps.

Grave security-bug in SSL/TLS implementation of OpenSSL

Postby RealRancor » Tue Apr 08, 2014 9:49 am

Hi,

this is nothing ownCloud related but in my opinion that grave to post it as an announcement in here.

At the moment there is a grave security bug in the SSL/TLS implementation of OpenSSL which is used in your webservers SSL implementation or in SSH.

An attacker is able to read stuff like passwords or private keys from the memory of vulnerable clients or server without authentication. Everything currently in your memory could be affected.

So update your client or server ASAP (better yesterday than tomorrow) and change sensitive data like passwords or private keys.

More infos are available here:

http://heartbleed.com/
*inactive*
RealRancor
OwnCloud master
 
Posts: 8599
Joined: Sat May 26, 2012 3:00 pm

Re: Grave security-bug in SSL/TLS implementation of OpenSSL

Postby RealRancor » Tue Apr 08, 2014 11:40 am

Just to make clear:

Everyone could be affected by this bug even if you don't run a server. All your requests to a vulnerable server can be read from the servers memory by an attacker. This could also contain passwords etc.
*inactive*
RealRancor
OwnCloud master
 
Posts: 8599
Joined: Sat May 26, 2012 3:00 pm


Return to Announcements

Who is online

Users browsing this forum: Google Feedfetcher and 5 guests