1. Security Vulnerability CVE-2014-0160 (Heartbleed)

             CVE-2014-0160 – Heartbleed got us all with pants down, there’s a new vulnerability found in a pretty recent version of openssl, it affects all versions starting 1.0.1 and fixed in 1.0.1g, it got a name debian vendors claim that the fixed version is 1.0.1e-2+deb7u5, but while I was writing this post openssl-1.0.1e-2+deb7u5 was gone and openssl-1.0.1e-2+deb7u6 replaced it, Debian announcement  did not update on this one.

    Here’s how you patch CVE-2014-0160 on debian/ubuntu:

    Debian:

    Squeeze – unaffected

    Wheezy  –

    apt-get update

    apt-get install openssl=1.0.1e-2+deb7u6

    Ubuntu:

    for example on 12.04

    apt-get update

    apt-get install openssl=1.0.1-4ubuntu5.12

    other versions – check yourself,

    when you finished fixing it, don’t forget to  /etc/init.d/ssh restart

    and keep security in your sources list!

    תגיות: , , , , , , ,