michaellukashov / Far-NetBox

SFTP/SCP/FTP/FTPS/WebDAV/S3 client for Far Manager 3 (http://farmanager.com/)
https://forum.farmanager.com/viewtopic.php?t=6317
GNU General Public License v2.0

Someone else's TLS bug has surfaced - in OpenSSL 1.0.1f #106

Closed VictorVG closed 10 years ago

VictorVG commented 10 years ago

http://www.openssl.org/news/secadv_20140407.txt:

"OpenSSL Security Advisory [07 Apr 2014]

TLS heartbeat read overrun (CVE-2014-0160)

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2."

I haven't yet figured out whether it's worth bothering with, so I'm putting this here for our information until it becomes clear whether we need to run, tail in the air, after a candy wrapper on a string... :)

VictorVG commented 10 years ago

That's it, the libs are updated, the memo is no longer needed.