Our response to the OpenSSL 'heartbleed' vulnerability
@mbloch wrote: Here's how we're responding to the OpenSSL vulnerability announced at http://heartbleed.com/ This is a very serious security vulnerability in software that is deployed on almost every...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@ichilton wrote: There was a slight typo in one of the links to the advisory above - you can find it here: http://heartbleed.com Read full topic
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@cdelarrinaga wrote: Thank you for the advisory. I assume generating fresh keys with a vulnerable version of OpenSSL is not helpful? So the action recommended for Symbiosis users is to do so using an...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@pcherry wrote: Symbiosis uses the ordinary Debian security updates, and so you can just run apt-get update followed by apt-get upgrade to upgrade everything. That should restart (at least) the...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@cdelarrinaga wrote: As of this morning - apt-get update/upgrade take openssl to OpenSSL 1.0.1e 11 Feb 2013 not to 'g' . Presumably this means either waiting for an official update for wheezy or...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@dwilko wrote: It should be a patched version of 1.0.1e, if the installed package is 1.0.1e-2+deb7u5 then it's not vulnerable. http://www.debian.org/security/2014/dsa-2896 You need to make sure you...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@cdelarrinaga wrote: dwilko: 1.0.1e-2+deb7u5 the update gave me 1.0.1e-2+deb7u6 apt-cache policy opensslopenssl: Installed: 1.0.1e-2+deb7u6 Candidate: 1.0.1e-2+deb7u6 Version table: ***...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@dwilko wrote: Then it should be fine, I mean to say u5 and up. If I recall correctly u6 tries to advise you on which services you need to restart for the patch to take affect, I have found it doesn't...
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@mbloch wrote: I am writing a follow-up post at the moment on how to handle your data after patching heartbleed. Just waiting for a bit of feedback from the rest of the team. Read full topic
View ArticleOur response to the OpenSSL 'heartbleed' vulnerability
@mbloch wrote: Here it is: Heartbleed: after you've patched, what next? Security A few customers have got in touch to ask what they should do after patching their servers against the heartbleed...
View Article
More Pages to Explore .....