ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

ClearCenter response

Short response

This issue was fixed in the backported fixes of versions of openssl 1.0.1-16.el6_5.7 and later.

Long response

This bug was introduced in ClearOS version 6.5 and was fixed in updates shortly after the announcement of the bug. This issue does not exist in any previous or later version of ClearOS.

Resolution

If you are running ClearOS 6.5, please ensure that you are running the latest updates:

yum update

You may also validate your version by running:

rpm -qi openssl

You should validate that you are running openssl 1.0.1-16.el6_5.7 or later.

content/en_us/announcements_cve_cve-2014-0160.txt · Last modified: 2014/12/22 11:32 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2014-0160&1558461145