The Heartbleed Bug (CVE-2014-0160)

Neel Metha from Google Security discovered incorrect memory handling in Open TLS Heartbeat extension. By which attacker can access upto 64K of memory of client or server and can expose Private key and other secret data.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

For complete details, please visit references


Ubuntu / Security Notice USN-2165-1
OpenSSL Security Advisory (published 7th of April 2014, ~17:30 UTC)

No comments:

Post a Comment