Hi,

Unfortunately a number of our servers were hacked over the weekend (they were turned into zombies and used in a DoS attack on a number of ISPs). After some investigation we've concluded that the attackers exploited this vulnerability in Mongrel2 (https://github.com/zedshaw/mongrel2/issues/244) (https://www.certifiedsecure.com/polarssl-advisory/).

We created a pull request (https://github.com/zedshaw/mongrel2/pull/250) which includes a version of the polarssl dependency that is patched against this vulnerability. Can someone with write permissions on the project please integrate the pull request into the master branch?

It might be an idea to update the 'latest release' on the Mongrel2.org website to include this patch.

Regards,
Dónal.
--

*Dónal McCarthy*
Technical Lead
Data Mining & Social Computing, TSSG

Telecommunications Software & Systems Group (TSSG),
ArcLabs Research and Innovation Building,
Waterford Institute of Technology,
Carriganore Campus, Carriganore,
Co. Waterford, Ireland

        
*Tel:* +353 (0)51 30 2977
*Fax:* +353 (0)51 341 100
*E-mail:* [email protected]
*LinkedIn:* ie.linkedin.com/pub/donal-mccarthy/3/a06/646/

www.tssg.org <http://www.tssg.org>