09Apr2014 (UTC +8) Here's a quick test on your localhost, & you don't even need to be root...
drexx@MACHINE:~$ echo -e "quit\n" | openssl s_client -connect google.com:443 -tlsextdebug 2>&1 | grep 'TLS server extension "heartbeat" (id=15), len=1' TLS server extension "heartbeat" (id=15), len=1 drexx@MACHINE:~$ date; Wed Apr 9 21:02:58 PHT 2014 drexx@MACHINE:~$ uname -a Linux MACHINE 3.11.0-19-generic #33~precise1-Ubuntu SMP Wed Mar 12 21:16:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA http://www.laggui.com ( Manila & California ) Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer PGP fingerprint = 0117 15C5 F3B1 6564 59EA 6013 1308 9A66 41A2 3F9B On Wed, Apr 9, 2014 at 10:42 AM, Rudel Saldivar <[email protected]> wrote: > > And I may add this link for the exact patch version since different package > revision exist for different versions of Ubuntu - > http://www.ubuntu.com/usn/usn-2165-1/ > > Ubuntu 13.10: > libssl1.0.0 1.0.1e-3ubuntu1.2 > Ubuntu 12.10: > libssl1.0.0 1.0.1c-3ubuntu2.7 > Ubuntu 12.04 LTS: > libssl1.0.0 1.0.1-4ubuntu5.12 > > As for CentOS 6, they haven't release a patch version but the latest > available in the update repo have the heartbeat feature disable, interim > workaround so upgrade when you can: > http://www.spinics.net/lists/centos-announce/msg04910.html > http://www.spinics.net/lists/centos-announce/msg04910.html > > > ----- > > -[ OpenSource, Open Ideas ]- > > > On Wed, Apr 9, 2014 at 8:42 AM, fooler mail <[email protected]> wrote: >> >> pluggers, >> >> action needed from you if you are not aware with this serious security >> hole... >> >> http://www.openssl.org/news/secadv_20140407.txt >> >> update/patch your openssl package... create a new private key using >> updated/patched openssl... create a new CSR based on that new private >> key and update your https site(s) with a new signed certificate (this >> includes self-signed certificate as well) _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
