Grave security-bug in SSL/TLS implementation of OpenSSL

Everything you need to know
Forum rules
The forums were migrated over to https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.

More background information about this move and the reasoning behind it is available in this blogpost:

https://daniel.molkentin.net/2016/07/20 ... d-central/
RealRancor
ownCloud master
Posts: 17381
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 9.0.2
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 7.0.x

Grave security-bug in SSL/TLS implementation of OpenSSL

Postby RealRancor » Tue Apr 08, 2014 9:49 am

Hi,

this is nothing ownCloud related but in my opinion that grave to post it as an announcement in here.

At the moment there is a grave security bug in the SSL/TLS implementation of OpenSSL which is used in your webservers SSL implementation or in SSH.

An attacker is able to read stuff like passwords or private keys from the memory of vulnerable clients or server without authentication. Everything currently in your memory could be affected.

So update your client or server ASAP (better yesterday than tomorrow) and change sensitive data like passwords or private keys.

More infos are available here:

http://heartbleed.com/
*gone*

RealRancor
ownCloud master
Posts: 17381
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 9.0.2
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 7.0.x

Re: Grave security-bug in SSL/TLS implementation of OpenSSL

Postby RealRancor » Tue Apr 08, 2014 11:40 am

Just to make clear:

Everyone could be affected by this bug even if you don't run a server. All your requests to a vulnerable server can be read from the servers memory by an attacker. This could also contain passwords etc.
*gone*


Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 3 guests